funsec mailing list archives
Financial institutions accuse Target of RICO conspiracy
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 6 Aug 2014 17:16:56 -0400
http://blog.thomsonreuters.com/index.php/financial-institutions-accuse-target-rico-conspiracy/ A bank and two credits unions have joined the growing list of plaintiffs suing Target Corp. over its widely publicized software data breach that occurred at its stores during last year’s holiday season. American Bank of Commerce, of Wolfforth, Texas, Employees Credit Union, of Dallas, and KC Police Credit Union, of Kansas City, Mo., allege Target violated the Racketeer Influenced and Corrupt Organization Act, 18 U.S.C. § 1962, by inducing them to approve millions of dollars in payment card purchases even though it knew it was not in compliance with customer data security policies and protocols. Target allegedly engaged in this RICO “conspiracy” to increase revenue and save itself the cost of implementing the proper customer data security policies, according to the complaint in the U.S. District Court for the Northern District of Texas. As a result, the nation’s second largest discount retailer “wrongfully shifted the risk and expense of the data breach” to the plaintiffs and members of the Visa and MasterCard networks, the suit says. In response to request for comment on the suit, a Target spokeswoman said the company “typically doesn’t comment on pending litigation.” The complaint is the latest of at least 83 lawsuits filed nationwide over the data breach that exposed Target shoppers to identity theft as a result of the company’s purported failure to install proper security procedures to protect customers’ credit card information. The compromised information was stolen by hackers between Nov. 27 and Dec. 15 through software installed on machines that customers use to swipe the magnetic strips on their cards when paying for merchandise at Target’s brick-and-mortar stores, according to the complaint. As a result of the security breach, hackers had the ability to create counterfeit cards by encoding the stolen data onto any card with a magnetic strip, the complaint says. Target said in a statement that it alerted authorities and financial institutions immediately after it learned of the unauthorized access and that it has since “identified and resolved the issue.” American Bank of Commerce and the credit unions allege they have been damaged by the breach because they have to pay to cancel and reissue customer credit and debit cards that may have been compromised. They also will have to absorb fraudulent charges that were made on the compromised cards, the suit says. What’s more, Target knew about the vulnerability as far back as 2007 when a data security expert warned the company about the possibility of a data breach in its point-of-sale system, according to the complaint. “Target was told how to prevent such a breach and, if the preventive measures were not taken, warned that a data breach could result,” the complaint says. “Even though Target described the security expert’s suggestions as ‘good ideas,’ on information and belief, it did not implement them.” The plaintiffs seek actual and punitive damages for negligence, breach of contract and unjust enrichment, among other causes of action. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Financial institutions accuse Target of RICO conspiracy Jeffrey Walton (Aug 06)