An update on the Target hack, banks are now suing to have Target financially liable for the losses because of their security failings.
There’s a timeline of their alleged failings starting at page 59 of their filings, here: http://cdn.arstechnica.net/wp-content/uploads/2014/12/document4.pdf
From the PDF: "The fundamental premise of kill chain security is that hackers must proceed through seven steps to plan and execute an attack. These steps are called the “kill chain.” While the hackers must complete all of these steps to execute a successful attack, the company has to stop the hackers from completing just one of these steps to prevent completion of the attack and data loss. Put simply, a company has seven different chances along the kill chain to prevent the attack from occurring. In the following paragraphs, Consumer Plaintiffs identify each link in the kill chain with respect to the Target data breach, explain how the hackers succeeded in moving from one link to the next and describe how Target failed to break the chain–prevent the breach–despite repeated opportunities to do so. "
The filing makes it sound like everyone who did not steal credit card data from Target earlier only has themselves to blame.