Lawyers representing financial institutions harmed by the massive 2013 Target data breach are calling foul on a proposed settlement agreement between the retailer and MasterCard on behalf of its member banks. Members of the Plaintiffs Steering Committee that are leading litigation efforts say the alleged $19-million settlement is vastly insufficient to compensate financial institutions for the losses they incurred as a result of the data breach. They are asking U.S. Judge Paul Magnuson, who is overseeing the consolidated litigation in United States District Court, District of Minnesota, to void the deal.
Beasley Allen is representing banks and credit unions in this multidistrict litigation (MDL). W. Daniel “Dee” Miles, III, who is head of the firm’s Consumer Fraud Section, is serving on the Financial Institution Cases Steering Committee for the MDL.
“The banks and credit unions lost hundreds of millions of dollars in the Target data breach, and Target’s attempt to reach a ‘pennies on the dollar’ settlement in a secret negotiation outside of the MDL court’s jurisdiction with an unrelated party (MasterCard) by crafting a release of some of the financial institution’s claims is an outrage,” said Miles.
He explained that Target has attempted to use a little-known small recovery procedure in the agreements MasterCard has with banks and credit unions to correct transaction errors known as the “Account Data Compromise” as a means to cheaply wiggle out of its liability for the financial institutions’ damages.
“The MDL court has control over the claims made against Target, and Target cannot release claims in the MDL with a party that is not in the MDL and then attempt to bind the financial institutions to that release,” Miles said. “The PLC has filed the appropriate motions to stop this injustice and we believe Judge Magnuson will rectify the conduct of Target at the hearing scheduled in late April.”
The massive Target data breach occurred just as the 2013 holiday shopping season was getting underway, between Nov. 27 and Dec. 15. It is believed to have compromised at least 40 million credit and debit cards and resulted in identity theft affecting as many as 110 million people. Personal information such as email addresses, phone numbers, credit and debit card numbers and PINs were stolen by hackers.
Many financial institutions were left holding the bag when their customers’ accounts were breached, responsible for closing accounts, reissuing credit and debit cards and taking the hit for unauthorized charges that were refused by the consumer. This resulted in hundreds of millions of dollars in damages.
The trial court has already denied Target’s attempts to dismiss the MDL lawsuit against it by ruling that the financial institutions’ claims for negligence and statutory violations of the Minnesota Plastic Card Act can proceed. The ruling was reached after finding that evidence of the lack of adequate security – despite knowledge of known data breach risk by Target and other retailers – existed as pled in the lawsuit.
The alleged settlement agreement, announced March 19, would reimburse MasterCard Inc. and would then be passed on to the financial institutions for expenses incurred when financial institutions were forced to reissue MasterCard debit and credit cards as a result of the data breach.
The case is In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.