Financial institutions accuse Target of RICO conspiracy

[Jeffrey Walton <noloader () gmail com>]

http://blog.thomsonreuters.com/index.php/financial-institutions-accuse-target-rico-conspiracy/

A bank and two credits unions have joined the growing list of
plaintiffs suing Target Corp. over its widely publicized software data
breach that occurred at its stores during last year’s holiday season.

American Bank of Commerce, of Wolfforth, Texas, Employees Credit
Union, of Dallas, and KC Police Credit Union, of Kansas City, Mo.,
allege Target violated the Racketeer Influenced and Corrupt
Organization Act, 18 U.S.C. § 1962, by inducing them to approve
millions of dollars in payment card purchases even though it knew it
was not in compliance with customer data security policies and
protocols.

Target allegedly engaged in this RICO “conspiracy” to increase revenue
and save itself the cost of implementing the proper customer data
security policies, according to the complaint in the U.S. District
Court for the Northern District of Texas.

As a result, the nation’s second largest discount retailer “wrongfully
shifted the risk and expense of the data breach” to the plaintiffs and
members of the Visa and MasterCard networks, the suit says.

In response to request for comment on the suit, a Target spokeswoman
said the company “typically doesn’t comment on pending litigation.”

The complaint is the latest of at least 83 lawsuits filed nationwide
over the data breach that exposed Target shoppers to identity theft as
a result of the company’s purported failure to install proper security
procedures to protect customers’ credit card information.

The compromised information was stolen by hackers between Nov. 27 and
Dec. 15 through software installed on machines that customers use to
swipe the magnetic strips on their cards when paying for merchandise
at Target’s brick-and-mortar stores, according to the complaint.

As a result of the security breach, hackers had the ability to create
counterfeit cards by encoding the stolen data onto any card with a
magnetic strip, the complaint says.

Target said in a statement that it alerted authorities and financial
institutions immediately after it learned of the unauthorized access
and that it has since “identified and resolved the issue.”

American Bank of Commerce and the credit unions allege they have been
damaged by the breach because they have to pay to cancel and reissue
customer credit and debit cards that may have been compromised.

They also will have to absorb fraudulent charges that were made on the
compromised cards, the suit says.

What’s more, Target knew about the vulnerability as far back as 2007
when a data security expert warned the company about the possibility
of a data breach in its point-of-sale system, according to the
complaint.

“Target was told how to prevent such a breach and, if the preventive
measures were not taken, warned that a data breach could result,” the
complaint says.  “Even though Target described the security expert’s
suggestions as ‘good ideas,’ on information and belief, it did not
implement them.”

The plaintiffs seek actual and punitive damages for negligence, breach
of contract and unjust enrichment, among other causes of action.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.