August 24, 2014

Michaels damages case dismissed

July 29, 2014 – An Illinois district court dismissed the class action suit against Michaels Stores Inc. seeking damages from the chain's data security breach earlier this year, on the grounds that "actual economic damage" had not been proven.

According to BankInfoSecurity, U.S. District Judge Elaine Bucklo said the six plaintiffs had not proven their alleged monetary losses related to the breach. The breach potentially affected as many as 3 million payment cards between May 2013 and February 2014.

BankInfoSecurity noted that "class action lawsuits filed by consumers in the wake of card breaches are increasingly dismissed by U.S. courts."

In related news, Experian, the credit bureau recommended by Target to its customers after its massive data security breach last year, has had data security problems of its own, according to CNN.

After 110 million customers were affected by the Target breach, the company referred them to Experian for "identity theft protection," offering to pay for a year of Experian's services for the affected customers. However, CNNMoney noted last week that Experian had its own data breach before the Target incident:

"Experian unknowingly sold the personal data of millions of Americans – including Social Security numbers – to a fraudster in Vietnam. That guy then sold the personal information to identity thieves around the globe. It wasn't until U.S. Secret Service agents alerted Experian that the company stopped."

CNN says Experian has refused to say how many customers were affected, more than a year after the breach.

NAFCU was the first financial trade association to call for a national standard for retailers after the Target breach, and continues to work with Congress to pass such legislation, which would include mandated disclosure of data breaches in a timely manner.