Shortly after the massive 2013 Target data breach, shareholders filed four derivative lawsuits against the company’s directors and some of its officers (13 CARE 624, 3/20/15). The shareholders alleged that the defendants had breached their fiduciary duties in not preventing and detecting the breach, and in failing to adequately disclose and otherwise respond to the breach.

Now, more than 18 months after the breach, the derivative suits have been consolidated, and the Board’s Special Litigation Committee continues to investigate the allegations. In a recent filing, the Committee reported that it had met 75 times, reviewed thousands of documents, and conducted approximately 60 interviews, with more work to come, including consultation with experts regarding corporate governance and cybersecurity.

Originally published in Corporate Law & Accountability Report - August 14, 2015.