The fallout from Target’s now infamous security breach continues to plague the retailer as a new class action suit charges that it failed to implement sufficient security measures to protect its customers data.
The lawsuit was initiated by Umpqua Bank (UB), headquartered in Portland, Oregon. UB alleges that in a mad rush to assuage angry customers who had their data accessed as a result of Target’s negligence, the retailer promised that no shopper would be held accountable for fraudulent charges as a result of the breach. However, UB complains that Target had no right to issue such a promise since it is the relevant financial institutions, the banks and credit card companies, that will now have to foot the bill.
The official complaint filed pulls no punches. “As details of the data breach emerge, security experts profess bewilderment by the level of negligence exhibited by defendant in maintaining the security of highly sensitive consumer financial data. Reports proliferate of Target’s ‘astonishingly’ vulnerable security systems, which lack the virtual walls and motion detectors found [as a matter of course] in secure networks.”
Analysts predict that at least 15 percent of the credit cards could incur fraudulent charges, averaging as much as a few hundred dollars in illicit charges per card. The debacle could ultimately cost someone–either financial institutions or Target–several billion dollars in total, with an estimated $1.1 billion in repayments to banks for unauthorized transactions.
The details about Target’s cyber-attack have trickled into the public eye like a slow leak. Hackers broke through Target’s online security system, accessing the personal data–financial and otherwise–of more than seventy million shoppers. The credit and debit card information of more than forty million people is now considered compromised.
According to UB, it has already incurred substantial financial costs as a result of Target’s missteps: contacting all its customers, reissuing new cards, investigating claims for fraud and reimbursing card holders for fraudulent charges has proven expensive. Card replacements alone, according to a study conducted by the Credit Union National Association, is estimated to cost a total of $200 million.
Currently, there are nearly seventy class actions suits alleging that it failed to take adequate steps to ensure the safety of its customers. Tina Wolfson, an attorney at Ahdoot & Wolfson P.C., who is the lead attorney on one of the suits, said that Target’s failure “to maintain reasonable security procedures, and delays in notifying customers, will put her clients at risk for identity theft for years.” She continued, “This could be the biggest case I’ve seen in number of people affected.”
For the fourth fiscal quarter, Target’s net income declined 5.2% to $981 million, down from $1.04 billion from last year. Profit totaled $1.49 per share; analysts were generally forecasting $1.39. Target’s stock rose 2.9% on the strength of the news; last year its shares dropped 15 percent. Overall earnings before interest expenses and income taxes declined 22.4%, from $1.82 million to $1.43 million. Sales dipped 6.6% from $20.9 billion to $22.4 billion, a 2.5% decrease in comp-store sales. Even more ominous, net profits skid 46 percent to $520 million, down from $962 million.
For the full year 2013, Target’s sales declined 0.9% to $71.3 billion, down from $72 billion last year. For the same period, net profits dropped a substantial 34.3%.