Out-Law / Your Daily Need-To-Know

Target agrees latest settlement over data breach costs

Out-Law News | 04 Dec 2015 | 2:26 pm | 1 min. read

Target has agreed to pay banks, credit unions and MasterCard-sponsored payment card issuers nearly $40 million to reimburse those businesses for some of the costs they incurred in handling a major data breach that affected the US retailer in 2013, according to media reports.

Reuters reported that Target will pay up to $20.25m to banks and credit unions and a further $19.11m to MasterCard card issuers.

The planned settlement, if finalised, would resolve a dispute that has been ongoing since late last year. At that time financial institutions won permission to pursue as case against Target for reimbursement of costs they bore when a hacking attack on Target exposed credit and debit card details of approximately 40m Target customers in 2013.

The settlement has been provisionally approved by a US district court judge in Minnesota as being "fair, reasonable and adequate", Reuters reported, with a final decision expected in May next year.

Earlier this year Target and Visa agreed a deal which would see the US retailer reimburse the payment card company and banks that issue Visa cards up to $67m over the data breach incident in 2013, a report by The Wall Street Journal said. Reuters said that a separate $10m settlement between Target and its customers was approved by a US court in November.

Target and MasterCard previously agreed on a proposed $19m settlement in relation to reimbursement for data breach costs, however MasterCard-issuing banks failed to support that deal in sufficient number.

Reuters reported that the data breach has cost Target $290m to date, although the company expects to recover $90m in insurance payments.

TalkTalk chief executive Dido Harding said last month that the data breach incident that affected the telecoms provider in October could cost the company up to £35m in "one-off costs".

Recent research carried out by Pinsent Masons, the law firm behind Out-Law.com, found that Northern Irish businesses view a data security breach as their "biggest corporate crisis threat", ahead of experiencing a health and safety accident, being embroiled in a bribery or corruption investigation or being responsible for environmental pollution.

Earlier this year retail expert Tom Leman of Pinsent Masons warned retailers that they face a growing cyber security threat and that failing to recognise and respond appropriately to the risks could have serious implications for the viability of their business.