Great. Now can bank customers sue the banks when their incompetence lets crooks steal money from ATMs? (which the banks immediately blame on the customers until they are forced to admit it was their fault).
US retail giant Target fails to get banks' MEGABREACH lawsuit slung out of court
Target has failed in is attempt to persuade a judge to reject lawsuit by banks harmed by losses following the US retail giant's megabreach. US District Judge Paul Magnuson ruled that Target played a "key role" in permitting cybercriminals to infiltrate its computer networks. Because of this, a lawsuit by banks seeking to …
COMMENTS
-
-
Wednesday 3rd December 2014 14:47 GMT Tom 13
Re: good news everyone
I have to disagree. If it's the PLC it can be swept under the carpet. What we need is a case that establishes that for something this big, the corporate veil is necessarily pierced, and the executive officers are joint and severally responsible for the damages. In fact, not only are the Target exexutives at fault, so are the same banks that are suing Target, and by the same logic.
THAT will get their attention.
-
-
Thursday 4th December 2014 14:00 GMT Tom 13
Re: How is this one in particular the banks fault?
You don't maliciously harvest data without using it. Given the way banks monitor cards for fraud* and the amount of fraud generated by each part of the breach, the banks should have quickly identified Target as the source of the breaches.
*Roommate recently made a trip from Maryland to Texas to visit parents. Roomie makes this trip every year at the same time. CC company denied her a purchase and shut off the card because it wasn't in MD. Then called the house and left a voice message I got about the fraud attempt.
-
-
-
-
Wednesday 3rd December 2014 14:37 GMT cs94njw
Fines are stupid. They'll either increase their prices and make the customer pay for the fine, use some of their assets set aside for this kind of stuff, or reduce the dividends (which admittedly wouldn't be popular with shareholders).
I agree with AC - start sentencing executives. If a till girl can be fined/sent to prison for selling alcohol to a minor, then surely the same should apply for even worse crimes?
-
-
Wednesday 3rd December 2014 19:48 GMT sisk
And Target has already significantly raised their prices....
I've been shopping there for years as they're the only viable alternative to Wal-Mart* around here. I've not noticed any significant price increases. There have been some minor increases, but they've basically been in line with inflation.
*I refuse to shop at Wal-Mart. Don't get me started on the reasons or I'll be ranting all day.
-
Wednesday 3rd December 2014 16:43 GMT Anonymous Coward
fines will make the customer pay for the fine?
I disagree, you can attempt to pass over the customer the cost of a fine as a price increase. But if you do that, then your business will be at competitive disadvantage in price, so it will hurt your business.
Unless you're a monopoly, of course.
-
-
-
Wednesday 3rd December 2014 16:35 GMT Kev99
Why are they on the internet?
I never cease to wonder why so many companies continue to think the internet is safe and secure and therefore a good place to for sensitive, confidential, and / or proprietary information. Before the ARPA opened the internet to the public, companies used dedicated telephone lines for their data. Now, in bowing to the greedy twerps of Wall Street and The City, these companies have decided the internet is the place to be. They deserve what the get for their greed and stupidity.
-
Wednesday 3rd December 2014 19:04 GMT chris lively
I seriously hope this continues to go forward and the other lawsuits are successful against the other large offenders like Home Depot.
They don't need to store this info. It can travel from the pin pad device all the way to the clearing house in an encrypted format. Maybe, just maybe, a huge lawsuit like this will convince other companies to stop their bullshit "security" practices, fire the idiot programmers, and for once do something right. Even if they are forced to by being in fear of having their business go tits up.
-
Wednesday 3rd December 2014 20:25 GMT RW
Those "idiot programmers'
Yes, they are idiots, but that's because Target and other large corporations won't pay for good programmers. The bean counters object, viewing "programmer" as a class of fully fungible entities.
Programming in a network environment (and everything is in a network environment these days) is not easy. To be able to do it right requires (a) plenty of raw brainpower (b) good education and (c) lots and lots of experience. No, you can't ask your secretary to set up a web page. No, you can't ask a junior staff member to look after server security. These are difficult jobs demanding a high level of expertise to do right.
I omit the minor problem that truly competent programmers are not thick on the ground.
-
Thursday 4th December 2014 10:37 GMT Bronek Kozicki
Re: Those "idiot programmers'
... which is exactly why HUGE fines, capable of taking the company to brink, are needed. Anything less will not teach idiots in upper layers of mismanagement that actually, they do not have a choice but pay good money for good security, and the only alternative is going bust.
-
Friday 5th December 2014 21:12 GMT Michael Wojcik
Re: Those "idiot programmers'
Yes, they are idiots, but that's because Target and other large corporations won't pay for good programmers. The bean counters object, viewing "programmer" as a class of fully fungible entities.
That has absolutely nothing to do with the Target breach.
The Target breach was due to flaws in third-party code, not anything written by developers employed by Target. And Target's outsourced monitoring organization detected the breach. The failure was due to inaction by higher-ups in Target IT who were informed by the monitoring team but ignored them.
I'm afraid you'll need to find a different stone on which to grind your axe.
-
-