US Target pays price for data breach
Target Corp. will pay about $39 million to banks and credit unions to resolve losses from a 2013 holiday-season data breach, as retailers and financial institutions continue to grapple with the costs of major hacker attacks.
Financial institutions sued the Minneapolis-based retailer to recover an estimated $200 million in losses stemming from the hack, in which as many as 40 million payment cards were exposed. Lawyers for the banks argued the retailer failed to take precautions to protect the customer data.
The settlement comes as reports of data breaches mount. Other major breaches within the past couple of years include hacks of Home Depot Inc., JPMorgan Chase & Co., auction site eBay Inc. and health insurer Anthem Inc. In the latest, VTech Holdings Ltd. of Hong Kong said Wednesday that hackers who infiltrated its online services had gained access to the profiles of more than 6 million children.
Settlement negotiations between retailers and banks over the coverage of losses from hacks have been complicated by payment card firms that step in to cut their own deals. Lawyers for the banks in the Target case had criticised attempts by card firms Visa Inc. and MasterCard Inc. to negotiate separate settlements with their clients and the retailer outside of the litigation.
Similarly, in a lawsuit against Home Depot over a 2014 hack, lawyers for banks said in a filing on November 30 that they had reason to believe MasterCard is working on its own deal. The filing did not provide details or the amount of the potential settlement.
Seth Eisen, a spokesman for MasterCard, said the payment card company and “several of our larger issuing customers have been in discussions with The Home Depot to settle claims related to the 2014 data breach.” Stephen Holmes, a spokesman for the home improvement chain, said Home Depot has reached a “tentative agreement.”
In a memorandum filed Wednesday describing the Target accord, lawyers for the banks and credit unions said Target will contribute more than $20 million to a general settlement fund and more than $19 million to a separate recovery program handled by MasterCard. In an order Wednesday in St. Paul, Minnesota, US District Judge, Paul A. Magnuson, granted preliminary approval to the settlement and said that it is “fair, reasonable and adequate.” The deal will require final approval. A hearing is scheduled for May 10.
The settlement provides “compensation well beyond what the card brand networks offered,” Charles Zimmerman, a lawyer for the financial institutions, said in a statement.
Target spokeswoman, Molly Snyder, said the retailer is “pleased that the process is continuing to move forward.”
The Consumer Bankers Association said member costs for card replacements and other expenses stand at about $172 million. The Credit Union National Association said its members have shelled out $30.6 million.
The National Association of Federal Credit Unions, another trade association, said more needs to be done by policy makers to address the costs of breaches. The group said retailers should be required to adopt “national data security standards” and be held “directly accountable for their data breaches.”
Want more Inside Retail? Subscribe to Inside Retail Weekly now and get our premium print publication delivered to your door every week.
Inside Retail Polls
In the latest issue of Inside Retail, we celebrate 20 of Australia’s coolest businesses. Get the free report here:… https://t.co/REjr5LDgoE5 days ago