Tuesday, March 3, 2015 - Target failed to recoup almost 40,000 documents they claim were shared inadvertently during multidistrict litigation focused on their 2013 data breach. Target claims the documents, which the retailer says contains privileged information, were not meant to be be made available to the court and requested for their contents to be returned by the plaintiffs.
U.S. District Court Judge Jeffrey J. Keyes ruled against the immediate return of the documents requested with Target‘s use of a clawback provision. The judge claimed that this process would be not only be burdensome to the plaintiffs, but that there was no arguments put forth by the defendants that justified the legal grounds for their return.
The plaintiffs claimed in a February 16 motion that they should not have to return the documents, which totaled to more than 150,000 pages, saying that Target either acted recklessly or purposefully in surrendering the information. They also pointed out that the same information was offered to the Federal Trade Commission and the U.S. Securities and Exchange Commission, facts that they claim supersedes Target‘s argument that the documents were privileged.
Target countered by claiming that the assertions put forth by the plaintiffs were only speculative and that no proof of their intentions could be produced. The judge ruled that Target can continue to offer evidence to the court arguing that the dissemination of the documents was inadvertent and that there remains a legal precedent for their retrieval.
The data breach at the heart of the MDL occurred over a three-week period during the 2013 holiday season. A group of online hackers gained access to the retailer‘s computer system and stole credit card numbers or other personal information from more than 100 million customers. In August, Target reported that costs related to the data breach reached over $148 million in the second quarter of 2014. The breach itself has been labeled as one of the largest to take place in the U.S. Target‘s former chief executive, Gregg Steinhafel, resigned in May in the wake of the data breach.
The lawsuits that grew from the revelations of the data breach were transferred into multidistrict litigation in April of 2014. Arguments made by the plaintiffs in the MDL include violations of consumer protection laws for not adequately protecting their customers from cyber attacks and failing to alert those put at risk of the potential danger of the data breach in an appropriate amount of time. The plaintiffs also feel that Target was negligent in its failure to inform customers about the vulnerability of its security systems. The company has already agreed to assist customers who were affected by the data breach with a year of free credit screening services.
Lead counsel appointed by Target to defend the company in the MDL were recently tapped by Home Depot to represent the home improvement retailer in its own data breach case. Both of the companies are faced with well over 50 million affected customers and settlements that have not yet begun to take shape.