Out-Law News 1 min. read
04 Dec 2015, 2:26 pm
Reuters reported that Target will pay up to $20.25m to banks and credit unions and a further $19.11m to MasterCard card issuers.
The planned settlement, if finalised, would resolve a dispute that has been ongoing since late last year. At that time financial institutions won permission to pursue as case against Target for reimbursement of costs they bore when a hacking attack on Target exposed credit and debit card details of approximately 40m Target customers in 2013.
The settlement has been provisionally approved by a US district court judge in Minnesota as being "fair, reasonable and adequate", Reuters reported, with a final decision expected in May next year.
Earlier this year Target and Visa agreed a deal which would see the US retailer reimburse the payment card company and banks that issue Visa cards up to $67m over the data breach incident in 2013, a report by The Wall Street Journal said. Reuters said that a separate $10m settlement between Target and its customers was approved by a US court in November.
Target and MasterCard previously agreed on a proposed $19m settlement in relation to reimbursement for data breach costs, however MasterCard-issuing banks failed to support that deal in sufficient number.
Reuters reported that the data breach has cost Target $290m to date, although the company expects to recover $90m in insurance payments.
TalkTalk chief executive Dido Harding said last month that the data breach incident that affected the telecoms provider in October could cost the company up to £35m in "one-off costs".
Recent research carried out by Pinsent Masons, the law firm behind Out-Law.com, found that Northern Irish businesses view a data security breach as their "biggest corporate crisis threat", ahead of experiencing a health and safety accident, being embroiled in a bribery or corruption investigation or being responsible for environmental pollution.
Earlier this year retail expert Tom Leman of Pinsent Masons warned retailers that they face a growing cyber security threat and that failing to recognise and respond appropriately to the risks could have serious implications for the viability of their business.