Target settles banks’ data breach class action

Posted on: December 3rd, 2015 by Steve Larson
Share

Data SecurityBanks suing Target Corp. over its massive 2013 data breach have agreed to a $39 million settlement to resolve the class action.  This was the first data breach class action settlement ever reached where financial institutions were the plaintiffs.

Under the terms of the settlement, which U.S. District Judge Paul A. Magnuson preliminarily approved, Target will pay up to $20.25 million directly to settlement class members and make an additional $19.1 million payment to fund MasterCard’s Account Data Compromise program relating to the breach.

 

The settlement will apply to all U.S. financial institutions that issued payment cards identified as having been at risk as a result of the breach of more than 40 million payment cards used at Target in late 2013 and that did not previously release their claims against the retailer by signing onto separate deals with card brands Visa Inc. and MasterCard Inc.

The pact announced Wednesday stems from a consolidated class action complaint filed in August 2014 by Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union, and First Federal Savings of Lorain, alleging that Target negligently failed to protect financial institutions’ data and violated the Minnesota Plastic Card Security Act.

Just before the class was certified, Target announced a $67 million agreement that it had reached with Visa outside of litigation, which nearly 75 percent of Visa issuers accepted in exchange for a full release of their claims against the retailer, according to the parties.

Target also reached a $19 million settlement with MasterCard, but that deal fell apart in May after the companies failed to get enough banks to sign onto the payout.

The settlement described in this post resolves the MasterCard-related claims by requiring Target to forfeit its right to challenge MasterCard’s liability assessment of $19.1 million, which it would have continued to dispute had the litigation gone forward, and put that amount into the card issuer’s ADC recovery program.

The remaining $20.25 million of the settlement amount will be paid directly to class members, which will have the option to make a claim to receive either at least $1.50 per compromised payment card over and above any per-card amount that they will receive from MasterCard or Visa’s recovery programs, or receive up to 60 percent of their total fraud, reissuance and other costs related to the breach, less any amounts received through the network recovery programs..

Class counsel also requested service awards for each of the five settlement class representatives as well as attorneys’ fees and costs, which Target has agreed to pay separately from the $39.3 million settlement fund and has pledged not to appeal any award of attorneys’ fees that is less than $20 million.

The case is In re: Target Corp. Customer Data Security Breach Litigation, case number0:14-md-02522, in the U.S. District Court for the District of Minnesota.