TAMPA — Target's trouble over its loss of customers' credit card data has quickly caught the attention of attorneys, with new lawsuits brought by a Tampa woman and at least a half-dozen other lawsuits around the country.
The Tampa woman, Maria Cruz, claims the Minneapolis-based retailer failed to safeguard her sensitive information and exposed her to potential fraud. Meantime, the federal government is stepping up its probe into Target's data breach.
U.S. Sen. Richard Blumenthal, D-Conn., has asked the Federal Trade Commission to look into whether Target had lax security, while Target revelealed Monday it is working with the U.S. Department of Justice and the Secret Service to investigate the malicious software, or malware, that enabled the theft.
Target has tried to make amends for the theft of customer data, which compromised the credit and debit information of 40 million customers. It offered customers a 10-percent discount on Saturday and Sunday and it promised its customers that they would not be responsible for any card fraud and that it would pay for affected customers' credit monitoring costs.
Still, the data breach quickly spawned litigation. Cruz filed a lawsuit against Target Friday in U.S. District Court in Tampa seeking “class-action” status, which would allow her lawsuit to represent thousands or millions of other Target shoppers who had their payment card information stolen. Media reports indicate Target customers filed at least two such lawsuits in Minnesota, and one each in Portland, Ore., San Francisco, Chicago and Montgomery, Ala.
Little information about Cruz was included in the Tampa lawsuit and one of her Orlando-based attorneys, Jack Cook, would only say that she shopped at Target using either a Visa or MasterCard some time between Nov. 27 and Dec. 15, the period during which customers' information was stolen.
So far, Cruz hasn't actually found any fraudulent charges, Cook said. Still, because of Target's failure to follow appropriate security policies she faces the threat of identity theft in the future.
“That puts Ms. Cruz in a position where her credit is potentially affected for what could be a period of years,” Cook said.
The attorney suggested thieves also could use Cruz's stolen information to apply for new credit cards in her name, but one consumer advocate discounted that idea. In the Target data theft, the thieves got customers' names, card numbers, expiration dates and other information embedded in the cards' magnetic stripe. But, they did not get customers' Social Security numbers, Target said.
Thieves likely wouldn't be able to apply for and receive a new bank-issued credit card in someone else's name without those Social Security numbers, said Eva Velasquez, chief executive of a nonprofit called the Identity Theft Resource Center.
For now, it appears there's a race by plaintiffs and their attorneys to get a lawsuit certified as a class-action case. Such cases can yield damage awards well into the millions, even if each individual plaintiff gets a small payout.
Edward Waller Jr., a Tampa lawyer who heads Fowler White's class action team, said plaintiffs must share similar circumstances to proceed in a class-action lawsuit. He was not that familiar with the Target litigation and didn't want to comment specifically about it.
However, certain victims of the Target data theft have experienced fraudulent charges on their credit cards or debit cards, while others only face the potential for fraud. The question is whether a judge would see their stories as similar enough to certify a class-action case, Waller said.