Target's 10% discount not a big enough apology for data breach, local shopper says

A man who says he used his American Express card to buy stuff at the Somerville Target on Dec. 1 is now seeking more than $5 million from Target to compensate him and other Massachusetts Target customers who may have had their credit-card information stolen.

In a lawsuit filed this week in US District Court in Boston, Daniel Heller, who describes himself as "a regular shopper" at Target, wants to become the lead plaintiff in a class-action lawsuit against Target for the breach, in which as many as 40 million credit-card records were stolen by devices installed on card readers in Target stores to grab "track data" from their magnetic strips.

Heller charges the devices could only have been installed through Target negligence and so he is seeking damages, penalties and lawyer's fees.



Free tagging: 

Heller complaint104.03 KB


umm k

I skimmed the complaint.. but according to a Globe Paywall article dated 12/25.

Target has yet to tell how the hackers got credit card information, so I'd like to know how he and his team of lawyers know that "devices installed on card readers in Target stores to "Track data' from magnetic strips" for certain.

Also, not so sure what he's whining about, he used a American Express, which probably cancelled his card, refunded all fraudulent charges, and overnight'd him a new card. Far better than what most banks are doing..

Third, As I keep reading stuff about this, Target's situation is not unique, and he would have been better off suing American Express for negligence because better technology exists than magnetic stripes, and its widely used in Europe. Why don't we use it here? Because the card companies say that they want the merchants to pay for upgrades to a system that was created in the 1970's, while merchants want the credit card processors to pay for it because without it they can't process credit cards. Both merchants and card companies have been bickering about this for years. He would have been better off suing AmEx to force them to upgrade their 1970's technology.

Fourth, the complaint also doesn't say if his information was stolen or not, it just says he was apart of the people who had shopped their during that time frame (as I did myself). If his information was stolen, sure.. sue away, but if you're doing it just to be 'firsties' to file a lawsuit.. seriously. People have far too much time on their hands.

Fifth, if he's complaining that Target didn't notify customers. Really? Last time I checked, Target does not collect mailing addresses or phone numbers. Target err'd on the side of caution because they don't want start a hysteria (which is what happened anyways).

On a side note, I was at Target on Monday shopping (because I am insane to do so before Christmas), and I'm still wondering how hackers succeeded in getting stripe information. It must of been done on the network and not on the physical machines themselves (externally), as it would be hard not to miss a skimmer. And if it was software ON the device themselves, PIN information would also have been captured. It just seems to be silly to load malicious software onto a machine and NOT take the most important thing, the PIN number. The PIN would have allow for cash withdrawals, which would be easier to steal from and not be tracked vs doing actual purchases of things. *shrug*

I just think this guy has far too much time and money on his hands and will just clog up the court system with lawsuits like this.


disgusting display

This guy used American Express. By law, worst case, he lost $50. This lawsuit is a disgusting display of what is wrong with our court system and with our society. He is the worst kind of opportunist. I hope the karma bus hits him hard some day soon.


Well, small but widespread

Well, small but widespread harm is exactly what class action suits are meant to deal with. This breach seems to have affected around 40 million people in the US If Target was negligent in protecting this information -- and it will take a trial to determine if they were negligent -- why should they get away with causing a minimum of $200 million of damages to customers just because each individual customer wasn't harmed enough to justify each suing independently? (Which would needlessly clog the court system anyway) And the damages might be higher, because not everyone will have a credit card with the $50 liability.

I don't think this guy is as bad as you say, at least not just for this.

Target had a boo-boo, it has

Target had a boo-boo, it has happened in the past to other merchants. Call your credit card company , cancel your card and get another. Sign up for one of the free credit score reports and watch your bill. Sheesh , shit happens , pitch in and help yourselves. Next whine , UPS and ect. overwhelmed with volume , hamstrung by weather , expect that to happen in the 3 dimensional world, and compensate next time. Not everything is as simple and instantaneous as the click of the mouse . Its all reality , shit happens !


Target is the tip of the iceberg

I've gotten two letters from Nordstrom in the past couple of months letting me know that my online account might have been attacked. After the second time, I closed it.

Then I got the Adobe email. Logins and passwords for thousands of accounts were stolen. Adobe doesn't have any of my credit card information so it's not that they were worried about their accounts. They know that a lot of people use the same password across accounts because they're lazy. I spent hours going through every online account I could think of and changed my passwords to randomized ones.

The Adobe one seemed to be for fun more than anything else. One Saturday afternoon I got hundreds and hundreds of spam emails in the email account I used there. Har de har har.

This is just the beginning of the Brave New World. I'm about ready to get my tinfoil hat ready.


Thanks, Mittens!

Yeah, because corporations are people too! You don't think millions of people are already doing watching their credit card bills and many canceling their credit cards? Target had a boo-boo? Grow up.


Is it reasonable to fear such

Is it reasonable to fear such people as Daniel? Like getting sued for something silly like that and having worst luck and losing law suit? Like u get rear ended by someone who ends up suing YOU or buying someone a drink and they fall and "get hurt" and you get sued for buying drink that caused injury from fall? You know what I mean? This is a problem that someone like this man would even stand a chance at 5 million for this absurd law suit. Feel like people in Boston are prime to sue a hard working person for no good reason..

Target should go for summary judgement...

... against this bozo. I'd say he lacks standing (show me what he actually lost), and his facts are utterly incorrect.

Point-of-Sale validation systems decrypt and analyze the account number, route the encrypted transaction information to the correct financial institution for approval, and route the approval/declination back to the transaction machine. This is what was breached. There had to be one or more employees who had access to the system to install the skimming backdoor into software (not hardware, see), and it's likely that the employee is a former employee. Probably left whichever company (Target could do this in-house, own a subsidiary that runs POS and other IT functions, or outsource completely) more than 9 months ago, with notice, because they told their employer they'd gotten a better job. Target, like every other business, can only take reasonable precautions; assuming that every IT employee is an embezzler will quickly leave you without any IT employees.

For those complaining that Chip-n-Pin would have solved this, no, since the breach is at the validator which is 'way beyond the physical inputs.

Sounds plausible it might be a former Target employee

I think you may be onto something with regards to a former employee. I think he was looking for the last hurrah to stick it to his employers, to say to them, "I can take 40+ million accounts to show you that your financial security infrastructure is not safe, and if I have to cause panic with customers and chaos in the banking infrastructure and force them to change, I'll do it."

I wish this incident would

I wish this incident would motivate the creation of a new credit processing system which
1) was secure, and
2) didn't impose a hidden 2.5% tax on the economy.

The existing system is an oligopoly -- stores have no choice, since the existing cards are what shoppers have in their wallets. A new system with low startup costs because it uses existing internet data links could bust the cartel, but it would need some incentives to get consumers to sign up.