Target has agreed to a $39 million settlement in a class action suit with several U.S. banks stemming from Target’s massive 2013 data breach. That data breach affected customers who shopped at U.S. Target stores between November 27 and December 15, 2013, compromising approximately 40 million credit and debit card accounts.
Some of the banks that issued cards affected by the breach (“issuers”) initiated a class action suit against Target alleging that “Target falsely represented that it would comply with the Card Operating Regulations and would safeguard customer data.” The costs of card replacements and fraudulent charges are usually defrayed by the issuers, and may be reimbursed by the company that experienced the breach through contractual agreements managed by the card brands, but the banks sought to prove that Target was negligent in securing its systems in order to recover their alleged full costs. The five named plaintiff banks in the lawsuit against Target sought damages on behalf of the entire class of affected issuers, although the settlement excludes a large number of issuers who already reached separate agreements with Target.
The settlement consists of a payment of up to $20.3 million to settlement class member banks who are not covered by other agreements, with the remaining $19 million to fund MasterCard’s Account Data Compromise (ADC) program relating to the data breach. Target’s settlements announced earlier this year arising from the 2013 data berach were (1) an agreement with Visa for approximately $67 million that included reimbursements through its Global Compromised Account Recovery (GCAR) program, and (2) a settlement with a class of consumers affected by the data breach for $10 million, to which the district court gave final approval on November 17, 2015.
Reporter, Stephen Abreu, San Francisco, +1 415 318 1219, email@example.com.