Judge won't dismiss credit card companies' case against Target

A federal judge has refused to dismiss litigation filed by financial institutions against Target Corp. in connection with last year's data breach involving about 110 million of the retailer's customers.

Minneapolis-based Target Corp. had sought dismissal of litigation filed against it by a group of five payment-card-issuing financial institutions in connection with the massive data breach. Target argued it is not liable for the financial losses sustained by the financial institutions as a result of the breach because it has no direct relationship with the financial institutions.

But in a memorandum filed Tuesday in federal District Court in St. Paul, Minnesota, Judge Paul A. Magnuson said plaintiffs can proceed with charges including negligence against the retailer.

“At this preliminary stage of the litigation, plaintiffs have plausibly pled a general negligence case,” said the memorandum. “Although the third-party hackers' activities caused harm, Target played a key role in allowing the harm to occur. Indeed, plaintiffs' allegation that Target purposely disabled the security features that would have prevented the harm is itself sufficient to plead a direct negligence case.”

The judge did agree to dismiss the negligent-misrepresentation-by-omission claim that Target had failed to disclose material weaknesses in its data security systems and procedures.

The judge said the complaint contains no indication that plaintiffs had relied on any of the alleged omissions. However, he gave the plaintiffs 30 days to file an amended complaint on this issue.