Big-box retailer Target is facing at least 11 lawsuits for a data breach which occurred on the corporation's servers from November 27 to December 15.
While these lawsuits have been filed by shoppers from Massachusetts to Minnesota (Target's home state), the suits share one thing in common: allegations that Target was too slow in alerting customers to the breach, reports Inside Counsel.
But can Target and other retailers really be held liable for customer damages caused by data breaches?
Target Data Breach Lawsuits
Of the 11 lawsuits seeking compensation for Target's role in the data breach, all of them allege that Target's negligence "directly resulted in [customers'] loss of funds and credit," reports Inside Counsel.
Although the hackers actually responsible for causing the data breach will certainly face crimial charges if caught, Target could potentially be held at least partly responsible for not mitigating the digital attack.
These suits make the common complaint that Target, in failing to protect its customers' data, failed to act as a reasonable corporation would and breached its duty to its customers.
If these suits head to trial, then courts will need to consider, given the circumstances of the breach, whether Target took reasonable steps to:
- Safeguard its customers' data from attack,
- Mitigate damages after the data breach, and
- Promptly inform affected customers about the issue.
Many of the lawsuits take issue with Target's allegedly sluggish response in notifying customers of the data breach. The retailer's offer of a store discount and "free" credit reports isn't exactly soothing tempers.
What Can Companies Do to Reduce Data Breach Liability?
A likely result of data breaches is customer ID theft, which can become a major issue -- especially if you've outsourced your data storage to a third party. Since most companies don't have the liability insurance to deal with a massive breach like Target's, a smart employer will spend time and money beefing up his or her company's digital security.
One easy way to prevent data breaches is to properly train your employees. Even a simple presentation on the dangers of "spear-phishing" or email attacks can prevent workers from becoming the unwitting portal to your customers' personal data.
Some cyberattacks on a company are almost unavoidable. But as an experienced business lawyer may tell you, the more a company takes steps to prevent or mitigate damage from data breaches, the less likely a court is to find it liable for damage to customers' credit or finances.
Follow FindLaw for Consumers on Google+.