Dec 19 (Reuters) — A U.S. judge has cleared the way for consumers to sue Target Corp over the retailer’s late 2013 data breach that they say compromised their personal financial information.
U.S. District Judge Paul Magnuson in St. Paul, Minnesota, on Thursday dismissed claims by plaintiffs in certain states but largely denied Target’s request to toss the proposed class action lawsuit.
Magnuson rejected Target’s argument that the consumers lacked standing to sue because they could not establish any injury.
“Plaintiffs’ allegations plausibly allege that they suffered injuries that are ‘fairly traceable’ to Target’s conduct,” Magnuson wrote.
Neither a Target spokeswoman nor a lawyer for the plaintiffs responded to request for comment.
Target has said at least 40 million credit cards were compromised in the breach, which may have resulted in the theft of as many as 110 million people’s personal information, such as email addresses and phone numbers.
The ruling followed a similar decision by Magnuson earlier this month allowing banks to move forward with a lawsuit to recoup money they spent reimbursing fraudulent charges and issuing new credit and debit cards because of the breach.
Thursday’s ruling pertained to consumers who used their credit or debit cards at Target during the period of the breach and had their information compromised, causing them unauthorized charges, lost account access, fees and credit monitoring costs.
In his ruling, Magnuson dismissed claims brought under deceptive trade practices laws in three states and said a class action could not be maintained for claims under consumer-protection statutes in another 10 states.
Magnuson also dismissed claims under data-breach notice laws in nine states after the plaintiffs withdrew them in another three, and he tossed negligence claims brought under five states’ laws.