Target Settles Bankers’ Data Breach Claims

According to documents filed today, Target has agreed to pay approximately $39.4 million to settle claims by card issuers over its 2013 data breach. Of the settlement amount, $20.25 million will go directly to settlement class members, either on a per-card basis, over and above any amount received through the network settlements, or as a percentage of total fraud losses, minus any amount received through the network settlements.

The remaining settlement amount, approximately $19.1 million, will go to MasterCard to cover distributions paid under the network’s Account Data Compromise program. Issuers would be eligible to make claims under the settlement agreement provided they have not already released claims against Target.

The announcement of the first-ever class action settlement in a data breach case follows a $67 million settlement reached with Visa in August. MasterCard and Target earlier this year announced a $19 million settlement, which was rejected when too few MasterCard issuers accepted the agreement. Under the settlement, Target will give up the right to challenge MasterCard’s assessment of liability, which it had been seeking to retain.

ABA advocacy with Visa and MasterCard has won higher levels of reimbursements from the networks for operating costs related to future data breaches, such as reissuing cards in the wake of a large breach. ABA continues to advocate for improvements to ensure that breached entities bear the responsibility for costs following a breach.