http://arstechnica.com/tech-policy/2014/12/judge-rules-that-banks-can-sue-target-for-2013-credit-card-hack/ By Megan Geuss Ars Technica Dec 4, 2014 On Tuesday, a District Court judge in Minnesota ruled [PDF] that a group of banks can proceed to sue Target for negligence in the December 2013 breach that resulted in the theft of 40 million consumer credit card numbers as well as personal information on 70 million customers. The banks alleged that Target had “failed to heed warning signs” that would have stymied the banks’ losses. The breach occurred between mid-November and mid-December in 2013, after hackers placed malware on Target POS systems which made it possible for them to steal credit card numbers as consumers swiped. The vast number of people affected by the breach made Target’s hack the most notorious, but subsequent reports revealed that Target was only one of many big-name retail stores that had credit card data stolen—Neiman Marcus, Michaels, and later Home Depot customers were also revealed to be targets. After the breach, multiple banks and consumers sued Target in Minnesota, where the company is headquartered. The lawsuits from both banks and consumers were grouped together into two consolidated class action complaints. Target filed a motion to dismiss the claims made by the financial institutions, but District Court judge Paul A. Magnuson ruled that the plaintiffs’ claims were valid. The decision could lead to significant changes in the way the cost of fraud is distributed among parties in the credit card ecosystem. Where once banks and merchant acquirers would have to shoulder the burden of fraud (which is how they have long justified increasing Interchange Fees), now, potentially, the order from Magnuson could pave the way for more card-issuing banks to sue merchants for not protecting their POS systems properly. […]