Skip to main content
close search
site logo
Dive Brief

Target reaches $39.4M settlement with banks over massive breach

Published Dec. 3, 2015
Daphne Howland's headshot
Senior Reporter

Dive Brief:

  • A proposed $39 million settlement has been reached between Target Corp. and financial institutions that had brought claims over the retailer’s massive December 2013 data breach. The settlement awaits final court approval, expected in May, though U.S. District Judge Paul Magnuson in St. Paul, MN, called it "fair, reasonable and adequate," according to court records.

  • The agreement would have Target pay as much as $20.25 million to banks and credit unions, and $19.11 million to MasterCard Inc card issuers, which had rejected a similar settlement in May that they had deemed too low. A $10 million settlement with shoppers gained court approval last month. The National Association of Federal Credit Unions insisted more needed to be done to make credit union members whole and called for Congressional action to better protect consumers. 

  • Target and Visa Inc. in August agreed to a settlement of some $67 million for costs associated with the breach. Last week, Target said it has spent $290 million related to the breach, and expected insurers to reimburse $90 million. Shareholder lawsuits and investigations by the Federal Trade Commission and state attorneys general are ongoing.

Dive Insight:

Target’s nightmare from its December 2013 cyber breach isn’t over yet, but this settlement brings it that much closer. 

“This settlement is a strong and important result for those financial institutions that sustained losses as a result of the Target data breach, providing compensation well beyond what the card brand networks offered,” co-lead plaintiffs’ counsel Charles Zimmerman of Zimmerman Reed PLLP and Karl Cambronne of Chestnut Cambronne PA, said in a statement. “It also sets an important precedent that financial institutions should not always have to bear the burden of extensive costs related to merchant data breaches over which they have no control.”

The Target of December 2013 is not the Target of today, considering that it is now a retailer with some of the strongest cyber-security controls out there, including the requirement of a personal identification number for its own EMV credit cards. The use of a PIN has been eschewed by most credit card companies and banks in the U.S., despite its superior security and against the wishes of most retailers. The retailer is also among the first to have its EMV point-of-sales system ready before the Oct. 1 deadline this year.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Locally, Leading Tech Solution Bridging Online and Offline Retail, Announces First Omni-Seller…
From Locally
December 04, 2024
Walmart, Amazon, Apple Dominate Black Friday/Cyber Monday Spending Among Paycheck to Paycheck …
From Brigit
December 04, 2024
SRS Real Estate Partners Adds Commercial Real Estate Veteran Chris Stewart to Bolster Owner Se…
From SRS Real Estate Partners
November 14, 2024
OluKai Opens First East Coast Location at Disney Springs, Florida
From OluKai
November 21, 2024
Editors' picks
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.