Target to pay Visa card issuers up to $67 mn to settle 2013 data breach

19 Aug 2015

US retailer Target has agreed to pay Visa card issuers up to $67 million to settle the retailer's 2013 data breach.

The deal was confirmed by both Target and Visa and though neither company would comment on the amount of the payment, the $67-million figure, first reported by The Wall Street Journal, was confirmed by a source familiar with the deal.

The 2013 hack of customer data was one of the largest hacking cases ever. It included credit and debit card information, related to an estimated 40 million customers.

According to Target, it was pleased to reach the agreement and the cost of the settlement had already been reflected in the company's earlier financial results.

An earlier tentative settlement with MasterCard (MA) was not accepted by enough of its card issuers. The deal with Visa has been accepted by the major Visa issuers.

"This agreement attempts to put this event behind us, and increase the industry's focus on protecting against future compromises with new technologies," said Visa's statement.

Under a federal class action suit, Target had reached a $10-million settlement with customers, but since 40 million customers had their card information stolen by the data hack, most customers would get only a few dollars.

Customers who could document larger unreimbursed losses would be eligible for reimbursement of up to $10,000.

The Minneapolis retailer said yesterday that the issuers of a majority of the cards that were compromised in the breach had entered into  direct settlements with Target and Visa, giving the two companies the green light to make a larger deal.

According to Charles Zimmerman, a lawyer for a group of banks suing Target over breach-related losses, the settlement was another attempt by the retailer to avoid fully reimbursing card issuers, AP reported. His group had called for class-action status and a hearing has been scheduled for 10 September.

The breach was disclosed by the company on 19 December, 2013, the peak of the holiday shopping season. 

Shoppers concerned over the security of their private data, avoided Target stores. The fallout left a negative impact on sales for months.

In January a Russian teenager was identified as the author of the code that allowed hackers to launch cyberattacks against Target and Neiman Marcus, according to security firm IntelCrawler. (See: Malware developed by Russian teenager used in Target attacks: reports).