It was announced today that retail giant Target Corporation has agreed to settle claims with financial institutions related to its massive 2013 data breach. This is the first time a retailer has agreed to a data breach settlement with financial institutions. The settlement, which has preliminary approval from U.S. Judge Paul Magnuson, who is overseeing the consolidated litigation in United States District Court, District of Minnesota, would total nearly $40 million.
Montgomery based law firm Beasley, Allen, Crow, Methvin, Portis and Miles, P.C., is among the firms representing the financial institutions in multidistrict litigation (MDL) against Target, and its lawyers are serving on the settlement committee that helped structure this settlement.
“This agreement provides real relief for the financial institutions that suffered financial losses as a result of Target’s irresponsible management of its customer data,” says W. Daniel “Dee” Miles, III, who is head of the firm’s Consumer Fraud Section and serving on the Financial Institution Cases Steering Committee for the MDL. “These financial institutions upheld their duty to their customers, and they should not have to pay the price for Target’s negligence.”
The settlement would apply to all U.S. financial institutions that issued payment cards put at risk as a result of the data breach. That includes up to $20,250,000 that would go directly to members of the class action and to pay for the notice and administration of the settlement. The remaining $19,107,939.38 would fund MasterCard’s Account Data Compromise program.
The banks and financial institutions have already received a settlement from Visa reportedly valued at $67 million.
The massive Target data breach occurred just as the 2013 holiday shopping season was getting underway, between Nov. 27 and Dec. 15. It is believed to have compromised at least 40 million credit and debit cards and resulted in identity theft affecting as many as 110 million people. Personal information such as email addresses, phone numbers, credit and debit card numbers and PINs were stolen by hackers.
Financial institutions including banks and credit unions lost hundreds of millions of dollars in the Target data breach when affected consumers’ accounts were breached. They were left responsible for the costs of closing their customer accounts, reissuing credit and debit cards, and taking the hit for unauthorized credit card charges that were refused by consumers who had been defrauded.
Approximately 9,000 banks and credit unions are represented in the class action. The lawsuit alleged Target was negligent in securing its data and that it violated Minnesota’s Plastic Security Card Act, which prohibits vendors from retaining certain payment card data for more than 48 hours, among other safety measures.
Law 360 – Target Pays $39M To Settle Card Issuers’ Data Breach Claims
Credit Union Times – Target Settles in Breach Suit