The Target Corporation is facing its first legal challenge from within its home state after one of the largest personal data breaches in history.
A class-action lawsuit was filed on Saturday by five Minnesota banks representing their customers. Because of the scope of the breach, the cost to banks and retailers nationwide could exceed $18 billion. The Minnesota banks are asking for more $5 million, the cost to them and their customers.
One of the banks involved in the complaint is based out of Luverne. According to the court papers, it's listed as an issuer of debit cards whose customers were impacted by the breach. The complaint alleges that Target violated a Minnesota law, which says companies like Target cannot store information including PIN numbers or the three-digit CVV security codes. Millions of customers lost that information in the breach.
There are also allegations that Target willingly chose cheaper security measures instead of more effective security protections designed to keep customer data out of the wrong hands. The complaint adds that Visa and Mastercard each approached Target about its security systems after four major data breaches dating back to 2007, establishing that Target knew of the security loopholes but chose not to correct them.
The complaint brings five counts against Target, including breach of contract. It asks for re-payment of any damages suffered by customers, as well as the reimbursement of any fees the banks incurred from re-issuing debit and credit cards.
Both Target and the First Farmers and Merchants National Bank in Luverne have no comment on the case at this time. The complaint does say that the banks are requesting a jury trial in the case.