·  Legal News, Analysis, & Commentary


Banks: Target, Mastercard Data Breach Settlement is Insufficient

— May 25, 2015


A lawsuit will continue in U.S. District Court in Minnesota regarding Target’s widespread 2013 pre-holiday data breach as banks rejected a $19 million settlement proposed last month. Over 40 million debit and credit cards were compromised during the breach, putting millions of cardholders’ information at risk. The settlement set aside by Target would have allowed MasterCard to reimburse the issuing banks for losses during the breach as well as for the cost of processing replacement cards. The April settlement was contingent on the approval of issuing banks totaling 90 percent of the affected cardholders by May 20th, a threshold which MasterCard representatives say was not met. The lead lawyers for the banks argued that the amount was insufficient, and that Target was trying to “extinguish pending legal claims for pennies-on-the-dollar.”

NAFCU’s Vice-President Carrie Hunt encouraged banks not to accept the $19 million dollar Target settlement Photo Courtesy of NAFCU
NAFCU’s Vice-President Carrie Hunt encouraged banks not to accept the $19 million dollar Target settlement
Photo Courtesy of NAFCU

The settlement’s breakdown means that the lawsuit will continue in federal court. In a statement, the banks’ attorneys said, “We are pleased that financial institutions have resoundingly rejected Target and MasterCard’s attempt to avoid fully reimbursing the losses suffered during one of the largest data breaches in U.S. history.” The lawyers estimate that actual losses and expenses as a result of the breach total over $160 million. Target is also currently in negations with Visa over its customers’ losses and expenses during the breach. National Association of Federal Credit Unions (NAFCU) Senior Vice-President and General Counsel, Carrie Hunt responded to the news, saying “The failure to opt in to the settlement by financial institutions sends a strong signal to card companies that the current reimbursement system does not work and financial institutions need to be made whole.”

It is estimated that the beach compromised the personal information over 110 million people. Target announced the breach on December 19th, 2013 during the peak of the holiday season, drastically dampening the company’s profits and causing widespread fear among the company’s shoppers. The breach also cost the job of CEO, Gregg Steinhafel last year. Despite the financial cost and the creation of public fear, the breach has led to proactive reforms in financial data-security. Card makers have been developing chip-card technology that uses a one-time code during the point of sale as opposed to the more common magnetic-reader cards that input the entire card number. Experts say that chip cards are nearly impossible to copy. Target has been working on converting its cash registers to accept chip-cards in roughly 1800 stores since 2014. Hunt and the NAFCU have been working with other organizations on pushing Washington to enact tough data-security protocols. Hunt reaffirmed the organization’s commitment in light of the lawsuit, saying “Litigation does nothing to prevent future breaches. That is why we continue to urge Congress to act to protect consumers’ financial information by enacting stronger standards and holding retailers and merchants directly accountable for their data breaches.”


Business Insider/AP – Bree Fowler

Marketwatch – National Association of Federal Credit Unions (NAFCU)

Reuters – Joseph Ax




Join the conversation!