Andre Yoskowitz
6 Dec 2014 21:31
2014 has undoubtedly been a year to forget for retailers and customer data, as many prominent companies have seen severe security breaches leading to the loss of names, addresses, credit card numbers and other sensitive information of hundreds of millions of Americans.
The related fraudulent charges and the costs to replace credit and debit cards has led banks to lose over $400 million on just one single scandal this year (Target), and thanks to a early court ruling, the banks can now move forward with lawsuits against retailers that have been negligent with their security.
In the Target incident, nearly 50 million cards were compromised and in the past the banks have borne the costs of replacements but until this year, the breaches have never been so large. The new ruling allows banks to sue the merchants if there is enough evidence to prove that the company was "negligent" in securing their networks and customer data.
In the case of Target, a number of banks sued claiming that Target "ignored security software alerts and disabled some of its security features" before they were attacked, and the judge agreed.
"Plaintiffs have plausibly alleged that Target's actions and inactions -- disabling certain security features and failing to heed the warning signs as hackers' attack began -- caused foreseeable harm to plaintiffs," Judge Magnuson wrote in his ruling. "Plaintiffs have also plausibly alleged that Target's conduct both caused and exacerbated the harm they suffered."
Before the cyber attack, Target had installed state-of-the-art $1.6 million advanced breach detection software from FireEye but allegedly ignored numerous warnings from the technology until it was much too late.
Source:
NYT