Skip to content
Target. Image courtesy of artzenter / Shutterstock.
Naked Security Naked Security

Target settles with banks for $39 million after epic data breach

Target has settled with banks, credit card companies and credit unions for $39m, pushing the total cost of the incident to around $300m.

US retailer Target is back in the headlines again over its 2013 breach. This week, Target has settled on an agreement to pay up to $39m to banks and credit card firms.

After an initial $19m settlement did not pass after card issuers decided it was too low, this new agreement sees Target having to pay up to $20.25 million to banks and credit unions and $19.11 million to reimburse MasterCard card issuers. Target agreed a deal with Visa for $67m in August.

According to Reuters, the settlement will resolve class action claims by lenders seeking to hold Target responsible for the cost of reimbursing customers for fraudulent charges, as well as issuing new credit and debit cards.

The story of the breach stretches back two years, when attackers gained access to Target’s financial data by accessing the retailer via its HVAC provider.

The breach saw the theft of around 40m credit and debit cards, as well as a further 70 million customer records containing information that included customer names, addresses, phone numbers and email addresses.

While Target’s CEO stepped down after the breach and the retailer has advanced its security with the addition of chip and PIN technology, the name of Target is still associated with one of the biggest data breaches we’ve seen.

After all, Target topped our list of the most epic privacy fails last year.

In total, the breach has cost Target $290m so far, of which insurance should cover $90m, the company said last week. However there are still shareholder lawsuits to come, as well as probes by the Federal Trade Commission and state attorneys general, which could well push the total costs of the incident to over $300m.

Image of Target courtesy of artzenter / Shutterstock.com.

1 Comment

“chip and PIN technology” should read “chip and signature technology”

Having just travelled to Europe recently, I can attest that the US banks do not support “chip and PIN technology” at all. Only specialty credit cards mainly from Military Credit Unions here in the US even have credit cards with “chip and PIN technology” available.

Try buying a train pass from and automated machine in Frankfurt and attempt to pay with a “chip and Signature” card. The machine will refuse the payment, straight out.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?