A shareholder of Target Corp. has filed a derivative complaint against the retailer’s directors and officers for their alleged failure to implement appropriate cyber security measures and for “bungling” the aftermath of a breach late last year.
Florida’s Maureen Collier, on behalf of Target, filed the suit Jan. 29 in federal court in the retailer’s home state of Minnesota.
The nearly 50-page suit seeks monetary damages and injunctive relief in the form of corporate reforms “to prevent future harm to the company by disloyal directors and officers,” on claims of breach of fiduciary duty, gross mismanagement, waste of corporate assets, and abuse of control.
Collier claims misconduct from 14 named defendants—including CEO Gregg W. Steinhafel, CFO John J. Mulligan and Chief Information Officer Beth M. Jacob.
Target “failed to maintain proper internal controls, cause the company to release false and misleading statements, cause the company to pay large sums of money for credit-monitoring services for affected customers, cause the company to be exposed to millions of dollars of potential liability in class-action lawsuits, and substantially damaged the company’s sales during the 2013 holiday season, it market capitalization, goodwill, consumer confidence and brand trust,” said Collier.
Fourth-quarter sales were stronger-than-expected before Target went public with news of the data breach, the company said. Since, sales are “meaningfully weaker-than-expected.” Target told investors to expect a decline of 2 percent to 6 percent for the rest of the year.
Target disclosed its breach on December 19. The third-largest retailer in the US had its point-of-sale systems hacked from November 27 to December 15. Originally Target said the data breach affected 40 million debit and credit cardholders. But on Jan. 10 the retailer said as many as an additional 70 million customers had personal information compromised by the breach.
Target also release misinformation on whether hackers stole personal identification numbers and an email meant to offer free credit monitoring was copied by scammers and used to trick recipients into sending credit information.
The directors and officers “aggravated the damage to customers by failing to provide prompt and adequate notice to customers and by releasing numerous statements aimed to create a false sense of security to affected customers,” Collier said in the court documents.
On December 18, a day before the data breach disclosure, shares of Target were selling at $63.55. Shares closed at $56.64 on January 31, down about 10.9 percent.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
