During the holiday season, Bullseye, a big box retailer, was the victim of a cyber attack that compromised the credit and debit card information (including PIN and CVV codes) of nearly 40 million of its customers. The attack immediately spawned dozens of class action lawsuits against Bullseye by customers, alleging that the retailer was negligent in protecting their financial information. What liability does Bullseye face and what can be done to mitigate that exposure?
On a brisk January day, Mary A. Richman opened her mailbox and was confronted with the sobering sight of thick envelopes from Visa, American Express and MasterCard each containing a month’s worth of extravagant Christmas purchases. Although she expected the bills to be large, she didn’t expect them to be this large. When she carefully reviewed the charges, the weather wasn’t the only thing giving Richman the chills. She quickly noticed entries for businesses with which she was unfamiliar, including a $1,200 Visa charge on December 25th for a bar in Chihuahua, Mexico called Tequila Mockingbird. Richman lost her Visa card on December 21st, but never reported it. Is Richman liable for the unauthorized charges?