back to article US retail giant Target fails to get banks' MEGABREACH lawsuit slung out of court

Target has failed in is attempt to persuade a judge to reject lawsuit by banks harmed by losses following the US retail giant's megabreach. US District Judge Paul Magnuson ruled that Target played a "key role" in permitting cybercriminals to infiltrate its computer networks. Because of this, a lawsuit by banks seeking to …

  1. Christoph

    Great. Now can bank customers sue the banks when their incompetence lets crooks steal money from ATMs? (which the banks immediately blame on the customers until they are forced to admit it was their fault).

  2. Bronek Kozicki

    good news everyone

    the sooner we see a large PLC company suffer significant losses due to shoddy security practices, the better example it will set for others. Admittedly, it's still far from going bankrupt, I just assume the fines would be big enough.

    1. Tom 13

      Re: good news everyone

      I have to disagree. If it's the PLC it can be swept under the carpet. What we need is a case that establishes that for something this big, the corporate veil is necessarily pierced, and the executive officers are joint and severally responsible for the damages. In fact, not only are the Target exexutives at fault, so are the same banks that are suing Target, and by the same logic.

      THAT will get their attention.

      1. Gordon 10
        FAIL

        Re: good news everyone

        Eh? How is this one in particular the banks fault?

        1. Tom 13

          Re: How is this one in particular the banks fault?

          You don't maliciously harvest data without using it. Given the way banks monitor cards for fraud* and the amount of fraud generated by each part of the breach, the banks should have quickly identified Target as the source of the breaches.

          *Roommate recently made a trip from Maryland to Texas to visit parents. Roomie makes this trip every year at the same time. CC company denied her a purchase and shut off the card because it wasn't in MD. Then called the house and left a voice message I got about the fraud attempt.

  3. Anonymous Coward
    Anonymous Coward

    The only way of taking security seriously

    Is to slap them in the only place where it really hurts them: their wallets. If possible, make executive level positions (where it can be proved that they did not took adequate measures) personally liable. Top down.

  4. cs94njw

    Fines are stupid. They'll either increase their prices and make the customer pay for the fine, use some of their assets set aside for this kind of stuff, or reduce the dividends (which admittedly wouldn't be popular with shareholders).

    I agree with AC - start sentencing executives. If a till girl can be fined/sent to prison for selling alcohol to a minor, then surely the same should apply for even worse crimes?

    1. ecofeco Silver badge

      Both. Fines and jail time.

      And Target has already significantly raised their prices months ago directly because of this mistake.

      1. Gene Cash Silver badge

        > Target has already significantly raised their prices

        That's ok, I've already stopped shopping there, after they got my card chomped.

      2. sisk

        And Target has already significantly raised their prices....

        I've been shopping there for years as they're the only viable alternative to Wal-Mart* around here. I've not noticed any significant price increases. There have been some minor increases, but they've basically been in line with inflation.

        *I refuse to shop at Wal-Mart. Don't get me started on the reasons or I'll be ranting all day.

    2. Anonymous Coward
      Anonymous Coward

      fines will make the customer pay for the fine?

      I disagree, you can attempt to pass over the customer the cost of a fine as a price increase. But if you do that, then your business will be at competitive disadvantage in price, so it will hurt your business.

      Unless you're a monopoly, of course.

  5. Stevie

    Bah!

    This is very good news.

    Now the bank can hand over some to cover *my* material losses in the aftermath of one (1) credit card details bonanza break-in and two separate (1 1) "lost or stolen" tapes containing my mortgage information.

  6. ecofeco Silver badge

    Behold the power!

    ... of this fully operational lawsuit!

    (best James Earl Jones voice)

  7. Kev99 Silver badge

    Why are they on the internet?

    I never cease to wonder why so many companies continue to think the internet is safe and secure and therefore a good place to for sensitive, confidential, and / or proprietary information. Before the ARPA opened the internet to the public, companies used dedicated telephone lines for their data. Now, in bowing to the greedy twerps of Wall Street and The City, these companies have decided the internet is the place to be. They deserve what the get for their greed and stupidity.

    1. sisk

      Re: Why are they on the internet?

      I was under the impression that the Target breach was committed by someone with direct access to their sales terminals who managed to infect their corporate servers.

  8. chris lively

    I seriously hope this continues to go forward and the other lawsuits are successful against the other large offenders like Home Depot.

    They don't need to store this info. It can travel from the pin pad device all the way to the clearing house in an encrypted format. Maybe, just maybe, a huge lawsuit like this will convince other companies to stop their bullshit "security" practices, fire the idiot programmers, and for once do something right. Even if they are forced to by being in fear of having their business go tits up.

    1. RW
      Boffin

      Those "idiot programmers'

      Yes, they are idiots, but that's because Target and other large corporations won't pay for good programmers. The bean counters object, viewing "programmer" as a class of fully fungible entities.

      Programming in a network environment (and everything is in a network environment these days) is not easy. To be able to do it right requires (a) plenty of raw brainpower (b) good education and (c) lots and lots of experience. No, you can't ask your secretary to set up a web page. No, you can't ask a junior staff member to look after server security. These are difficult jobs demanding a high level of expertise to do right.

      I omit the minor problem that truly competent programmers are not thick on the ground.

      1. Bronek Kozicki

        Re: Those "idiot programmers'

        ... which is exactly why HUGE fines, capable of taking the company to brink, are needed. Anything less will not teach idiots in upper layers of mismanagement that actually, they do not have a choice but pay good money for good security, and the only alternative is going bust.

      2. Michael Wojcik Silver badge

        Re: Those "idiot programmers'

        Yes, they are idiots, but that's because Target and other large corporations won't pay for good programmers. The bean counters object, viewing "programmer" as a class of fully fungible entities.

        That has absolutely nothing to do with the Target breach.

        The Target breach was due to flaws in third-party code, not anything written by developers employed by Target. And Target's outsourced monitoring organization detected the breach. The failure was due to inaction by higher-ups in Target IT who were informed by the monitoring team but ignored them.

        I'm afraid you'll need to find a different stone on which to grind your axe.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon