News Feature | April 22, 2015

What the Target Breach Settlement With MasterCard Means For Retailers

Source: Innovative Retail Technologies
Christine Kern

By Christine Kern, contributing writer

Target Reaches $19 million agreement with MasterCard over 2013 breach.

The ripples from the 2013 data breach at Target are still making themselves firmly felt.  The retailer has reached an agreement with MasterCard to pay up to $19 million to MasterCard issuers around the world, dealing with one of the consequences of its massive 2013 breach, according to CNet.

Meanwhile, the lawyers in the federal lawsuit raised objections to the proposed settlement.  Lead counsel for the lawsuit Minneapolis attorney Charles Zimmerman called the agreement a “secret deal” offering “pennies on the dollar” to financial institutions that incurred millions of dollars in losses due to the Target data breach.  He also asserted that Target and MasterCard circumvented the court process already in motion, according to the Star Tribune.

The proposed settlement is contingent on 90 percent of eligible MasterCard accounts that were affected by the breach to sign on to it and to release them of any claims, including the pending federal lawsuit. Financial institutions have until May 20 to endorse the proposal. If it passes, banks would be paid by the end of the second quarter this year.

Target suffered a massive data breach in late 2013 in which 110 million customer records, including 40 million credit-card numbers, were stolen. So far, no one has been charged.

It is noteworthy that this agreement only concerns MasterCard card holders.  The retailer is also currently negotiating a separate deal with Visa, which is believed to have had more accounts affected than MasterCard.

According to the settlement terms, the funds compensates card issuers for the costs of dealing with hacked accounts, including cancelations, reissues, and communications with customers.

Target also reached a settlement last month in another class-action lawsuit related to the breach. In that case brought by consumers whose cards were stolen, the retailer agreed to a $10 million settlement.

The rise of data breaches across retail – hitting major retailers like Target, Home Depot, Staples, Kmart, and more – is putting more emphasis on security and cyber threat prevention.  And the Target-MasterCard settlement – just one piece of the settlement puzzle – also demonstrates that the costs of breaches extend far beyond just the parameters of the breach itself.

The proposed $19 million settlement with MasterCard is reflected in the $252 million in costs Target has said it expects to pay for breach-related expenses, according to the Star Tribune.

About 40 million customers had their payment card information stolen after hackers infiltrated Target’s point-of-sale systems. Another 70 million people had personal information compromised.