The lawsuits started almost immediately after Target’s admission that hackers had stolen information related to the credit-card accounts of 40 million shoppers. At least 11 customers are now pursuing class-action suits against the retailer, claiming it was negligent in protecting their data.
Losing control of sensitive customer data is a fact of life for American companies. They’re collecting more of it, and they are often outgunned by hackers, who are highly motivated to get at it. It’s not even clear how much legal responsibility they have to protect it. “There is limited judicial guidance on what constitutes negligence in the cybersecurity area,” says Craig Newman, a partner at Richard Kibbe & Orbe who follows legal issues related to security.