Target reaches $39M settlement with banks over data breach

Target Corp. on Wednesday reached a proposed $39 million settlement to resolve claims by banks seeking to recoup money spent reimbursing the fraudulent charges that resulted from the retailer’s 2013 data breach.

The settlement “sets an important precedent that financial institutions should not always have to bear the burden of extensive costs related to merchant data breaches over which they have no control,” co-lead plaintiffs’ counsel Charles Zimmerman said.

{mosads}The highly publicized breach during the busy holiday season exposed up to 40 million credit cards and compromised other personal information of as many as 70 million people.

Although the exact extent of fraud committed as a result of the breach isn’t known, the attack has cost Target $162 million in net expenses as of Jan. 31.

Target in August agreed to pay Visa card issuers up to $67 million to resolve claims related to the hack.

The retailer also agreed to a $10 million settlement in a class-action suit brought by exposed customers in March.

Wednesday’s agreement includes $20 million that will go directly to settlement class members and a $19 million payment to fund MasterCard’s Account Data Compromise program activities related to the breach.

MasterCard has previously rejected a proposed $19 million settlement when an insufficient number of issuing banks refused to accept the deal. Under Wednesday’s agreement, Target gives up its right to challenge MasterCard’s assessment.

The agreement must still receive approval from the courts. A preliminary hearing will be held Wednesday, after which eligible financial institutions will be notified. A final hearing will be held next year.