As of Thursday, at least four class action lawsuits have been filed in Chicago’s federal court over Target’s recent loss of 40 million customers’ credit and debit card information to computer hackers.
These suits account for a few of more than a dozen federal class action complaints that have been brought nationwide against the retail giant since the security breach.
The breach happened sometime between Nov. 27 and Dec. 15, during the height of the holiday shopping season, and resulted in the theft of customers’ names and their card numbers and expiration dates.
Target claims the breach only affected customers who shopped in its nearly 1,800 stores and didn't affect those who purchased items online.
The four lawsuits brought in Chicago all seek more than $5 million in damages, plus attorneys’ fees, but take slightly different approaches in their legal arguments.
In one of the suits, plaintiff Veronica Ponce alleges Target breached an implied contract with her and others in the proposed class by allowing the security breach to happen.
“When Plaintiff confided her private and confidential debit card and credit card information to Defendant in order to make purchases at Defendant’s store, Plaintiff and Class members entered into implied contracts with Defendant under which Defendant agreed to safeguard and protect all such information,” Ponce’s attorney, Mark Lavery of Hyslip & Taylor LLC, wrote in her Dec. 19 complaint.
Attorney Daniel Edelman of Edelman, Combs, Latturner & Goodwin filed a similar suit against Target on Dec. 23 on behalf of Denise Novak, Howard Hoffman, David Friedman and Lawrence Estep.
In this suit, the plaintiffs also allege a breach of implied contract, but go on to include a count for the violation of the Illinois Consumer Fraud and Deceptive Business Act in regards to the security failure.
Novak, Hoffman, Friedman and Estep claim Target violated the state’s consumer fraud law in how it handled telling its customers about the breach. Target notified customers about the breach on Dec. 19, five days after it ended. These four plaintiffs contend that wasn’t soon enough under Illinois law.
Janice McCarter’s class action suit against Target diverges from the two above-mentioned complaints in that it includes claims of negligence and alleges a violation of Illinois Personal Information Act, in addition to a violation of the Consumer Fraud Act.
“Target, through its actions or omissions, unlawfully breached its duty to Plaintiff by failing to exercise reasonable case in protecting and safeguarding Plaintiff’s private and personal information within Target’s possession,” McCarter asserts in regards to her negligence count.
McCarter claims that Target violated by the state’s Personal Information Act by allowing the breach to happen. Like Novak, Hoffman, Friedman and Estep, McCarter contends Target violated state consumer fraud laws by not telling customers about the breach sooner.
McCarter’s suit was filed Dec. 23 by attorney Kenneth DucDuong of KMD Law Office.
Attorneys Joseph J. Siprut and Gregg M. Barbakoff filed a suit on Dec. 24 for Chandra McPherson, who is also suing Target individually and on behalf of a proposed class.
McPherson’s suit includes counts for breach of implied contract and violation of the state’s consumer fraud laws. She asserts her bank informed her she was considered to be at risk due to the breach and as a result, restricted her daily cash withdrawal and purchase limits.
In the wake of the breach, Target pointed the blame to the people who stole the personal information and has offered free credit monitoring services to affected customers.
Gregg Steinhafel, chairman, president and chief executive officer at Target, said in a prepared statement that, “Target’s first priority is preserving the trust of our guests and we have moved swiftly to address this issue, so guests can shop with confidence.”
“We regret any inconvenience this may cause,” he added. “We take this matter very seriously and are working with law enforcement to bring those responsible to justice.”