Skip to main content
Edit Page Style Guide Control Panel

Target Data Breach Class Action

About this Case

TMLG has filed a class action lawsuit on behalf of consumers against Target Corporation (“Target”) for failing to implement and maintain reasonable security procedures and practices, compromising the financial and personal information of its customers. Approximately 40 million credit and debit card users who purchased products from Target between November 27 and December 15, 2013 were affected by the data breach. News of the breach was first published by blogger Brian Krebs of on or about December 18. 2013, before Target made any attempt to notify its affected customers. As widely reported by multiple news services on December 19, 2013, “investigators believe the data was obtained via software installed on machines that customers use to swipe magnetic strips on their cards when paying for merchandise at Target stores”. Such information allows thieves to manufacture counterfeit cards by encrypting victims’ data onto any card with magnetic strips. The thieves may also have accessed PIN numbers, granting them access to customers’ bank accounts. Plaintiffs allege, were it not for Target’s negligence, the breach would not have occurred.

After the news broke, Target published a statement on their corporate website, as opposed to their shopping site – the site regularly accessed by customers – confirming “that the information involved in this incident included customer name[s], credit or debit card number[s]… the card[s’] expiration date[s] and CVV[s] (the three-digit security code)”. In its statement, Target assured consumers that they “have identified and resolved the issue,” conveying a false sense of security.

The Federal Trade Commission (“FTC”) urges prompt action at the sign of potential identity theft. For more information on recognizing identity theft, please visit:

Similarly, you may find information on how to repair identity theft at:

Case Status

In 2015 this case settled for $10 million to be distributed to class members and representatives. Target also agreed to provide injunctive relief, including but not limited to implementing changes relating to its information security program, naming a high-level executive to coordinate the program, maintaining processes for managing information security risks, responding to events determined to present a threat to security, and establishing security training protocols to relevant Target employees.

The deadline for filing a timely claim has passed and all eligible claimants have been paid.

Case Documents

Class Action Complaint

Order Certifying Settlement Class, Preliminarily Approved


Settlement Agreement

Case Contact Information

Phone: (866) 680-5931


Class Counsel