Target To Face Class-Action Lawsuit From Banks Over Data Breach

HardOCP News

Finally, Target will have to face a class-action lawsuit so customers can finally be compensated for the damages incurred as a result of that data breach. Wait...this is a class action lawsuit from the banks?

In a statement, Charles Zimmerman, one of the lead lawyers representing the banks, said, "This important ruling brings financial institutions one step closer to collectively holding Target accountable for its unprecedented data breach."
 
Banks had to issue new cards like crazy. It is not cheap for a breach of that scale.
 
That part is obvious....the "holy crap" part is when is the last time BANKS had to get together and file a class action lawsuit against anyone? This is the first time I've heard of it. It's normally consumers that need a class action lawsuit.
 
That part is obvious....the "holy crap" part is when is the last time BANKS had to get together and file a class action lawsuit against anyone? This is the first time I've heard of it.

Ok, this makes sense and you're right I can't think of where that's happened recently.
 
I'm going to laugh if the banks get a typical class action settlement for $100M, they each get $1M and the attorneys walk with $95M. :D

Banks usually have high powered law firms on retainers and just pay them on a non-contingency basis.
 
I'm going to laugh if the banks get a typical class action settlement for $100M, they each get $1M and the attorneys walk with $95M. :D

More like $25 coupons that are set to expire 3 months from date issued, but it takes 2 months for the coupon to be processed and mailed out. And the lawyers get $99M.
 
I just hope this doesn't put Target out of business. They're my favorite store chain.
 
Target To Face Class-Action Lawsuit From Banks Over Data Breach
Banks To Face Class-Action Lawsuit From Entire World Populace Over Fraud, Manipulation of Economies, ...

no one said ever
 
I just hope this doesn't put Target out of business. They're my favorite store chain.

It's a decent big box retailer but they just aren't price competitive with Walmart though I think Target does have better quality.
 
Maybe we should start using drone strikes against the hackers responsible for the breaches?
 
It's a decent big box retailer but they just aren't price competitive with Walmart though I think Target does have better quality.

Target is like Publix. Clean stores, good products and they call in more cashiers if they are needed. You pay a little more but IMO it's worth it. Walmart always has two lines open out of 50 registers. I don't get it.

Target will price match Amazon and you get 5% off with red card. Use the pharmacy and get an extra 5% off your shopping trip after 5 refills. These discounts apply to Apple stuff and even prepaid cards, I have noticed.
 
There is going to be a fire sale on bricks, I am sure retailers are collectively shitting them profusely.
Good on the banks, and I would rarely say that.
Screw retailers and their data hoarding, that shit needs to end.
 
Target offered a joke of a settlement to me (and all affected banks and CUs) to waive my rights as an FI to join this settlement the week before the class certification. I know Magnuson and he is very fair and a very good judge, shall be interesting to see how this plays out.
 
Perhaps the banks should stop using obsolete technology on their credit cards.

Hah, you are the same one that posted on ATMs yesterday that had to be corrected, so I'll help you with this as well... a) this had nothing to do with financial institutions. Target was informed of the breach by their 3rd party managed services/security vendor and took no action. It was a hole in TARGET's POS technology. b) the reason that we are behind in EMV certification is because of colossal expense and no monetary reason for the MERCHANTs and CARD PROCESSORs to become EMV compliant. Banks and CUs can't just turn on EMV, there has to be infrastructure in place. Regulation put in place to shift liability to the lowest common denominator starting in October has put a fire under the ass on both sides and now the transition is happening.
 
Oh and to elaborate a little further - I can invest in the most bleeding edge security technology, but the weakest link is always where the breaches happen... which has always been at POS and the merchants. So if you want to whine about antiquated technology you are on the bandwagon damicatz, hop on the bash merchants bandwagon...
 
Perhaps the banks should stop using obsolete technology on their credit cards.
They already have. Credit card alliance in the United States agreed to go to the Chip/EMV tech no later than October 2015.

As far as the Target Data breach, Target is liable. The breach occurred because they were allowing their HVAC company network access and didn't properly secure their own network. The original malware got in through that access to the main systems, then the criminals pushed it all the way to the cash registers themselves to begin skimming the card numbers being used.
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://bgr.com/2014/03/13/target-data-hack-how-it-happened/

Would EMV tech have helped? Yes and no. It would have prevented them from skimming the actual card numbers at the registers. However, the criminals had full access to Target's network, so who knows where they could have gone from there. They could have just as easily started breaking into their website and stealing card numbers since EMV is not used when a customer has to key in the card number.
 
Yeah, I have my new EMV card....that still has a magstripe on it. So sure, if I put it into an EMV reader it's more secure, but it still has the same vulnerability built in.

And it is very much a merchant/POS adoption issue at this point. The big retailers I have no sympathy for, but I do have sympathy for all the mom and pop shops needing to spend a decent chunk of change to upgrade.
 
They already have. Credit card alliance in the United States agreed to go to the Chip/EMV tech no later than October 2015.

As far as the Target Data breach, Target is liable. The breach occurred because they were allowing their HVAC company network access and didn't properly secure their own network. The original malware got in through that access to the main systems, then the criminals pushed it all the way to the cash registers themselves to begin skimming the card numbers being used.
http://krebsonsecurity.com/2014/02/target-hackers-broke-in-via-hvac-company/
http://bgr.com/2014/03/13/target-data-hack-how-it-happened/

Would EMV tech have helped? Yes and no. It would have prevented them from skimming the actual card numbers at the registers. However, the criminals had full access to Target's network, so who knows where they could have gone from there. They could have just as easily started breaking into their website and stealing card numbers since EMV is not used when a customer has to key in the card number.

Because I am part of the class I have read the court documents filed laying out more detail. [CYA Disclaimer - this is my understanding of what was filed although I believe it to be accurate] The funny thing is that Target had been informed of potential risks in their POS system and had recently contracted a more sophisticated third party to monitor their network activity, for lack of better description - managed services (the name of the company escapes me).

Early in the relationship the 3rd party informed internal IT management of unusual network activity. IT (middle management) escalated up the chain yet the situation was ignored. The activity they were seeing was the criminals scoping the network prior to any payload being deployed. This was (see disclaimer) days prior to the actual payload being deployed and even after the malware was active it collected the information prior to transmitting it back to the criminals. At some point between the initial notification and the data being transmitted concerns were once again brought to management. I believe that may have been an internal concern, but once again it was ignored.

I have to work more tonight so when I do I will browse court filing docs I have saved and amend anything inaccurate. But in the end Target had multiple opportunities to at the very least limit its customers' exposure in the data breach. They tried to make a BS settlement to limit the amount of entities in this class action lawsuit which did them no favor with FIs (If I posted what they offered me you guys would be shocked). The banks and credit unions had to foot the bill. Now this doesn't hurt the megabanks, those who don't care about their customers, but the small to mid to even large-ish community banks and credit unions took massive losses due to their negligence.
 
Yeah, I have my new EMV card....that still has a magstripe on it. So sure, if I put it into an EMV reader it's more secure, but it still has the same vulnerability built in.

And it is very much a merchant/POS adoption issue at this point. The big retailers I have no sympathy for, but I do have sympathy for all the mom and pop shops needing to spend a decent chunk of change to upgrade.

All that is going to happen is that the criminals will shift to a less secure network, almost certainly being online. What EMV will do is basically eliminate card present fraud and make it much more risky for the uninformed/illiterate to shop online which shifts to card not present fraud. The bitch about that is FI's (sorry I don't know if I defined that yet, Financial Institutions) almost always cover the cost of card not present fraud.

Guess what that means for consumers... the largest banks finding out ways to make that lost income up and the rest of the industry following suit to stay competitive and survive. It'll be the same as the result of Dodd Frank in which "older" forum members will remember - 2010+ and the increase in service fees (although some of those have been retracted due to an exodus to credit unions in 2012-2013, but believe they are getting the income somewhere most likely their higher loan rates for the uninformed. Eventually most credit unions eventually brought fees up albeit not to that level as regulatory bodies limited the ability to generate NII).

What I'm trying to get at is support your community banks and credit unions, and make sure you aren't directing anger towards these organizations. Almost always it's the merchants that are at fault and/or the megabanks giving the industry a bad reputation. I've been a part of an executive team that has worked at reestablishing two credit unions that were struggling, not by raising fees or taking away from the membership, but by changing company culture. The best way to make income is to make sure that every member is taken care of, from the "worst" member (E credit un-loanable, but let's help this person get back on track) to saving money for the "best" member (A credit, low risk, low return). Find a good community FI and stick with them - if management is strong they will always look to your best interest.

And now I'll apologize for ranting, TL;DR my 5 posts. But this does matter and I care. The NCUA and FDIC would love to consolidate all the small and midsized FIs and for very good reason; it's MUCH easier for them to manage their insurance funds. This would be horrible for the consumer. Us smaller guys still care and want to take care of customer/member base. Almost all offer the same services and products as BoA, but public perception is we don't.
 
I promise this is my last post unless someone wants discussion lol.

Food for thought on how this industry is going; 20 years ago there were 20,000+ credit unions, today there are about 6,500 and the number of credit unions going away on a year over year basis is increasing. If it continues 20 years from now you will have a choice of nameless faceless bank A, B, C depending on your region. No consumer wants that...
 
I, for one, thank you for your posts haste.

good information in there
 
Hah, you are the same one that posted on ATMs yesterday that had to be corrected, so I'll help you with this as well... a) this had nothing to do with financial institutions. Target was informed of the breach by their 3rd party managed services/security vendor and took no action. It was a hole in TARGET's POS technology. b) the reason that we are behind in EMV certification is because of colossal expense and no monetary reason for the MERCHANTs and CARD PROCESSORs to become EMV compliant. Banks and CUs can't just turn on EMV, there has to be infrastructure in place. Regulation put in place to shift liability to the lowest common denominator starting in October has put a fire under the ass on both sides and now the transition is happening.

And if they had been using EMV, the breach in their POS wouldn't have allowed the attackers to gain credit card numbers.
 
And if they had been using EMV, the breach in their POS wouldn't have allowed the attackers to gain credit card numbers.

Yes, if TARGET had been using EMV it would have eliminated the "weakest link", there was nothing any financial institution could have done to prevent that which is who you have been blaming. I could have launched EMV 10 years ago, but if the MERCHANTs aren't equipped to accept it there are no added levels of protection. Target was not able to accept EMV at time of breach and is still not able to accept debit EMV at most locations (they are in testing phase, last I heard on a conference call was 4 retail locations but that may have increased).
 
I, for one, thank you for your posts haste.

good information in there

Even though I'm still a fairly young buck, I've been in the industry for well over a decade now and I appreciate that you found my posts informative. I'm on the Credit Union side, but I truly do believe that, in general, community banks and Credit Unions have their customers'/members' interests in mind.

On the Credit Union side we are not-for-profit cooperatives; much of our income is reinvested in our membership in rates and services. We don't have to pay stockholders as our shareholders are our membership, so other than to ensure that we are properly maintaining our net worth in relation to growth (equity is built by income and net worth is equity/assets) we reinvest our income back into membership. The CU motto is "People Helping People" and most of us hold true to it.

There are a few CU's that have become large enough to start behaving like large banks (Navy, Pentagon, and SchoolsFirst nationally; I have Wings Financial, AffinityPlus and USFed locally which behave like regional banks, but there's a few big time players as they say to "name a few") - they still are offering better rates and likely better service than your too big to fail banks. Navy is the largest CU in the land and I believe is $60B in assets vs. BoA which is a couple trillion in assets. I've worked in management in the $100-500MM asset range and at that size our member service reps still know many members by first name.

I do want to say that large regional/national banks can certainly offer good service. USBank is a prime example of that, both to their customers and staff. They treat their staff well, much like CUs do although they have the ability to pay more. Credit Unions typically offer lots of paid time off, great benefit packages, flexible work schedules, but lower salaries once you pass the most basic functions of the organization. USBank skated through all the Dodd Frank regulation because they weren't doing the shady things to generate income so many large banks were. I have been recruited by them to work in Accounting/Compliance, but have passed because I am committed to and believe in the Credit Union movement... might have been a stupid move (multiple times) as I probably could have made significantly more money, but I decided long ago to stick in the CU world and avoid the corporate structure and bureaucracy of a $400B bank.
 