At retail giant Target, ’tis the season for holiday sales and multimillion dollar lawsuit settlements. The retailer has agreed to pay $39 million to resolve a class-action lawsuit with several U.S. banks for losses they sustained after Target’s massive data breach in 2013.
This was the final major lawsuit against Target for a holiday data breach that exposed credit and debit card information for more than 40 million customers and allowed cyberthieves to gain access to the personal data of an additional 70 million Target customers, according to the Minneapolis Star Tribune.
This latest data breach settlement comes less than four months after the Minneapolis-based retailer agreed to pay Visa-issuing financial institutions $67 million. Target also paid out $10 million in March to resolve a class-action lawsuit with consumers.
As of the end of October, Target had incurred $290 million in breach-related expenses, including the cost of changing its data security systems and point-of-sale terminals, the Star Tribune reports. Target said its insurance company covered about $90 million of the costs.
Target’s settlements could set a precedent as the first time an American retailer has been forced to absorb the majority of the costs financial institutions incur as the result of a data breach, according to the Star Tribune.
Home Depot and several other retailers are locked in similar litigation after hackers gained access to their systems.
In all such cases, the cybertheft led shoppers to seek new credit cards from banks, credit unions and other issuers. In addition to those costs, card issuers also paid for fraudulent charges on customers’ stolen cards.
The $39 million settlement is pending court approval.
Although plaintiff’s attorneys said the banks involved in the most recent lawsuit will recover nearly all of their losses and benefit handsomely from the $39 million settlement, the National Association of Federal Credit Unions had pushed for higher payouts for card issuers who lost money reimbursing customers for fraudulent charges related to the Target security breach.
“Much more needs to be done to make credit unions whole,” the association’s general counsel, Carrie Hunt, said in a statement. “Member-owned credit unions deserve to be fully compensated.”
The NAFCU wants Congress to require more stringent security standards for retailers.
“We continue to urge Congress to act to protect consumers’ financial information by enacting national data security standards for retailers and holding them directly accountable for their data breaches,” Hunt said in a statement.
Do you think retailers should be held financially accountable for data breaches? Share your comments below or on our Facebook page.