Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 1 of 11

CHARLES H. THRONSON (3260) CThronson@parsonsbehle.com J. MICHAEL BAILEY (4965) MBailey@parsonsbehle.com RICHARD E. MRAZIK (10623) RMrazik@parsonsbehle.com ecf@parsonsbehle.com PARSONS BEHLE & LATIMER 201 South Main Street, Suite 1800 Salt Lake City, UT 84111 Telephone: (801) 532-1234 Facsimile: (801) 536-6111 Attorneys for Plaintiffs IN THE UNITED STATES DISTRICT COURT DISTRICT OF UTAH, CENTRAL DIVISION CHRISTINA L. ROTHSCHILD, CHRISTINE F. ROTHSCHILD , WENDY SUE JACKSON, KATHERINE B. ROBERTS, and KELLI ANN FRANDSEN, on Behalf of Themselves and All Others Similarly Situated, Plaintiffs, vs. TARGET CORPORATION, a Minnesota Corporation, Defendant. JURY TRIAL REQUESTED

CLASS ACTION COMPLAINT

Case No. 1:13-cv-00178-EJF Magistrate Judge Evelyn J. Furse

Plaintiffs CHRISTINA L. ROTHSCHILD, CHRISTINE F. ROTHSCHILD , WENDY SUE JACKSON, KATHERINE B. ROBERTS, and KELLI ANN FRANDSEN (collectively, Plaintiffs), on behalf of themselves and all others similarly situated, by and through counsel, complain against Defendant Target Corporation (Target), request a jury trial, and allege as follows:
4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 2 of 11

NATURE OF THE ACTION 1. This action arises from what may be one of the largest data security breaches ever

to occur in the United States. On December 19, 2013, Target publicly announced that it failed to maintain adequate data security over customer credit card and debit card data that was accessed and stolen by computer hackers. The sensitive customer information was stolen from Targets computer network, which handles a wide range of financial information for millions of customers including, inter alia, credit cards, debit cards linked to checking accounts, and transactions for its merchandise. 2. Plaintiffs bring this class action suit on behalf of themselves and all other persons

and entities in the United States to redress Targets failure to adequately safeguard certain credit card and debit card information and related data. Such information included, but upon

information and belief was not limited to, the putative Class Members (hereinafter Class Members) names, credit or debit card number, the cards expiration date, and the cards CVV (a three- or four-digit security code) (Personal Information). 3. Target has admitted publicly that between November 27, 2013, and December 15,

2013, credit and debit cards in its United States stores were compromised, with the result that Personal Information of Plaintiffs and Class Members was used or is at risk of use in fraudulent transactions around the world. Target has expressly identified the danger and/or occurrence of suspicious and unusual activity threatening Plaintiffs and Class Members, including misuse of credit and debit information, and incidents of fraud and identity theft. 4. Upon information and belief, Target operates nearly 1,800 stores nationwide, and

Targets security failures affected the credit and debit card of millions of customers, including

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 3 of 11

Plaintiffs and Class Members. Target has publicly stated that approximately 40 million credit and debit card accounts may have been affected by the security breach. JURISDICTION 5. This Court has original diversity jurisdiction over this action under 28 U.S.C.

1332(a) and (d) in that this is a class action in which the amount in controversy exceeds the sum of $5,000,000, exclusive of interest and costs, and in which numerous members of the proposed class are citizens of a state other than Defendant. 6. This Court has personal jurisdiction over Defendant pursuant to Utah Code Ann.

78B-3-205 in that at all relevant times, Defendant (a) transacted business in the state of Utah; and (b) caused injury within the state of Utah. PARTIES 7. 8. 9. 10. 11. 12. Plaintiff Christina L. Rothschild is a citizen of Davis County, State of Utah. Plaintiff Christine F. Rothschild is a citizen of Davis County, State of Utah. Plaintiff Katherine B. Roberts is a citizen of Salt Lake County, State of Utah. Plaintiff Wendy Sue Jackson is a citizen of Salt Lake County, State of Utah. Plaintiff Kelli Ann Frandsen is a citizen of Salt Lake County, State of Utah. Defendant Target is a corporation organized under the laws of the State of

Minnesota, with its principal place of business in Minneapolis, Minnesota. Target owns and operates stores throughout the United States, including in the State of Utah. FACTUAL ALLEGATIONS 13. Plaintiff Christina L. Rothschild was a customer at a Target store in Centerville,

Utah, on November 27, 2013, and made an in-store purchase of $40.78 using a MasterCard

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 4 of 11

Credit Card. Ms. Rothschild also was a customer at a Target store in Layton, Utah, on December 9, 2013, and made an in-store purchase of $46.11 using a MasterCard credit card. 14. Plaintiff Christine F. Rothschild was a customer at a Target store in St. George,

Utah on December 11, 2013 and made an in-store purchase of $52.49 using a CitiCard credit card. 15. Plaintiff Wendy Sue Jackson was a customer at a Target store on December 13,

2013, and made an in-store purchase of $53.66 using an American Express credit card. 16. Plaintiff Katherine B. Roberts was a customer at a Target store on December 1,

2013, and made an in-store purchase of $174.32 using an American Express credit card. 17. Plaintiff Kelli Ann Frandsen was a customer at a Target store in Salt Lake City,

Utah, on December 2, 2013, and made an in-store purchase of $25.09 using an American Express credit card. Ms. Frandsen also was a customer at a Target Store in Sandy, Utah, on December 7 and December 14, and made in-store purchases of $19.34, $75.41, and $22.79 using an American Express credit card. 18. On December 19, 2013, Target publicly announced that it discovered that its

computer system had been compromised in all their U.S. stores and that anyone who made credit or debit purchases from November 27, 2013 to December 15, 2013 had their name, credit and/or debit card number, the cards expiration date and the CVV compromised by a serious security breach (the Breach) that occurred when an unauthorized intruder or intruders gained access to Targets payment card data. 19. On December 20, 2013, Target acknowledged via an email to customers that third

parties had gained unauthorized access to Target payment card data. It acknowledged that

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 5 of 11

customers may experience inconvenience as a result of the Breach, and that the Breach could impact customers privacy and financial well-being. 20. Upon information and belief, Targets Breach affected the credit and debit cards

of approximately 40 million customers, including Plaintiffs and Class Members, who shopped at U.S. Target stores between November 27, 2013 and December 15, 2013. 21. The Breach resulted in the theft and/or compromise of private, nonpublic personal

and financial information belonging to millions of Target customers, including Plaintiffs and Class Members, that has left them exposed to fraud and identity theft. 22. The Personal Information of the Plaintiffs and Class members compromised by

the Breach includes, without limitation, information that was improperly stored and inadequately safeguarded in violation of, among other things, industry standards, rules and regulations. 23. Upon information and belief, Target failed to monitor and/or ensure its

compliance with such standards, statutes and/or regulations. 24. Upon information and belief, Target failed adequately to analyze its computer

systems for vulnerabilities that could expose cardholder data. Target further failed to fix the vulnerabilities in its computer systems, which allowed Plaintiffs and Class Members Personal Information to become compromised. 25. Upon information and belief, Plaintiffs Personal Information was compromised

as a result of Targets consumer data security failures. As a result of such compromise, Plaintiffs suffered losses and damages in an amount yet to be completely determined, as such losses and damages are ongoing.

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 6 of 11

26.

Target has not reimbursed Plaintiffs and Class Members for financial losses

caused by Targets security failures. 27. Plaintiffs and Class Members are subject to continuing damages from having their

Personal Information comprised as a result of Targets inadequate systems and failures. Such damages include, among other things, out-of-pocket expenses incurred to mitigate the increased risk of identity theft and or fraud; credit, debit, and financial monitoring to prevent and/or mitigate theft, identity theft, and/or fraud incurred or likely to occur as a result of Targets security failures; the value of their time and resources spent mitigating the identity theft and/or fraud; the cost of and time spent replacing credit cards and debit cards and reconfiguring automatic payment programs with other merchants related to the compromised cards; and irrecoverable financial losses due to unauthorized charges on the credit/debit cards of Target customers by identity thieves who wrongfully gained access to the Personal Information of Plaintiffs and Class Members. CLASS ACTION ALLEGATIONS 28. Plaintiffs bring this action on behalf of themselves and, under Fed. R. Civ. P. 23,

on behalf of the following class: All persons and entities within the United States who used credit and/or debit cards at Target stores between November 27, 2013 and December 15, 2013 and who had personal information stolen and/or compromised as a result of making Target purchases, and who are not employees, officers, directors, or agents of Target. 29. The members of the Class are so numerous and geographically dispersed that

joinder is impracticable. Target has publicly admitted that up to 40 million credit and/or debit cards may have been compromised, and the Class Members are geographically dispersed.

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 7 of 11

Disposition of the claims of the proposed Class in a class action will provide substantial benefits to both the parties and the Court. 30. The rights of each member of the proposed Class were violated in a similar

fashion based upon Targets uniform wrongful actions and/or inaction. 31. The following questions of law and fact are common to each proposed Class

Member and predominate over questions that may affect individual Class Members: (a) Whether Target failed to use reasonable care and commercially reasonable methods to secure and safeguard its customers private financial information; (b) Whether Target properly implemented security measures to protect consumers private financial information from unauthorized capture, dissemination and misuse; (c) Whether Target took reasonable measures to determine the extent of the security breach after it first learned of the same; (d) Whether Targets method of informing consumers of the security breach and its description of the breach and potential exposure to damages as a result of the same was unreasonable; (e) (f) Whether Target breached an implied contract with Class Members; Whether Plaintiffs and others Members of the Class are entitled to compensation, monetary damages, equitable relief and injunctive relief, and, if so, the nature and amount of such relief.

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 8 of 11

32.

Plaintiffs claims are typical of the claim of absent Class Members. If brought

individually, the claim of each Class Member would necessarily require proof of the same material and substantive facts, and seek the same remedies. 33. The Plaintiffs are willing and prepared to serve the Court and the proposed Class

in a representative capacity. The Plaintiffs will fairly and adequately protect the interests of the Class and have no interests adverse to, or which directly and irrevocably conflicts with, the interests of other Class Members. Further, Plaintiffs have retained counsel experienced in prosecuting complex class action litigation. 34. Target has acted or refused to act on grounds generally applicable to the proposed

Class, thereby making appropriate equitable relief with respect to the Class. 35. A class action is superior to other available methods for the fair and efficient

adjudication of this controversy because individual claims by the Class Members are impractical, as the costs of prosecution may exceed what any Class Member has at stake. 36. Members of the Class are readily ascertainable through Targets records of the

purchases made at its stores. 37. Prosecuting separate actions by individual Class Members would create a risk of

inconsistent or varying adjudications that would establish incomparable standards of conduct for Target. Moreover, adjudications with respect to individual Class Members would, as a practical matter, be dispositive of the interests of other Class Members. FIRST CAUSE OF ACTION (Negligence) 38. Plaintiffs repeat, reallege, and incorporate the preceding paragraphs of this

Complaint as if fully set forth herein.

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 9 of 11

39.

Upon coming into possession of Plaintiffs and Class Members Personal

Information, i.e., private, non-public, sensitive financial information, Target had (and continues to have) a duty to exercise reasonable care in safeguarding and protecting the information from being compromised and/or stolen. 40. Target also had a duty to put into place internal policies and procedures designed

to detect and prevent the theft or dissemination of Plaintiffs and Class Members Personal Information. 41. Target, by and through its negligent acts and/or omissions, breached its duty to

Plaintiffs and Class Members by failing to exercise reasonable care in protecting and safeguarding their Personal Information. 42. Target, by and through its above negligent acts and or omissions, further breached

its duty to Plaintiffs and Class Members by failing to put into place internal policies and procedures designed to detect and prevent the unauthorized dissemination of Plaintiffs and Class Members Personal Information. 43. If not for Targets negligent and wrongful breach of its duties owed to Plaintiffs

and Class Members, their Personal Information would not have been compromised. 44. Plaintiffs and Class Members have suffered actual damages including, but not

limited to, having their personal information compromised; incurring time and expenses in cancelling their debit and/credit cards; activating new cards and re-establishing automatic payment authorizations from their new cards; expending costs and effort to mitigate the harm, such as credit monitoring; and other economic and non-economic damages, including irrecoverable losses due to unauthorized charges on their credit/debit cards.

4821-1588-4567.3

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 10 of 11

SECOND CAUSE OF ACTION (Breach of Implied Contract) 45. Plaintiffs repeat, reallege, and incorporate the preceding paragraphs of this

Complaint as if fully set forth herein. 46. Plaintiffs and Class Members were required to provide Target with their Personal

Information in order to facilitate their credit card and/or debit card transactions. 47. Implicit in this requirement was a covenant requiring Target to take reasonable

efforts to safeguard this information and promptly notify Plaintiffs and Class Members in the event their information was compromised. 48. Similarly, it was implicit that Target would not disclose Plaintiffs and Class

Members Personal Information. 49. Notwithstanding its obligations, Target knowingly failed to safeguard and protect

Plaintiffs and Class Members Personal Information. To the contrary, Target allowed this information to be disseminated to unauthorized third parties. 50. Targets wrongful actions and/or inaction described above breached its implied

contracts with Plaintiffs and Class Members, which in turn directly and/or proximately caused Plaintiffs and Class Members to suffer substantial injuries. JURY DEMAND Pursuant to Federal Rule of Civil Procedure 38(b), Plaintiffs demand a trial by jury of all claims in this Complaint so triable.

4821-1588-4567.3

10

Case 1:13-cv-00178-EJF Document 2 Filed 12/23/13 Page 11 of 11

PRAYER FOR RELIEF WHEREFORE, Plaintiffs and Class Members pray that this Honorable Court do the following: A. Certify the matter as a class action pursuant to the provisions of Rule 23 of the

Federal Rules of Civil Procedure and order that notice be provided to all Class Members; B. Class Counsel; C. Award Plaintiffs and the Class compensatory damages in an amount to be Designate Plaintiffs as representative of the Class and the undersigned counsel as

determined by the trier of fact; D. E. F. Award Plaintiffs and the Class statutory interest and penalties; Award Plaintiffs and the Class appropriate injunctive and/or declaratory relief; Award of Plaintiffs costs of this action, together with interest on any award from

the date of injury at the legal rate until paid, interest on any judgment awarded herein at the legal rate until paid, and such other and further relief as the Court deems equitable and just; and G. Grant such other relief as is just and proper.

DATED December 23rd, 2013.

Respectfully submitted PARSONS BEHLE & LATIMER /s/ Richard E. Mrazik Charles H. Thronson J. Michael Bailey Richard E. Mrazik

4821-1588-4567.3

11