A $19 million settlement plan designed to reimburse banks for their losses in the Target Corp. credit card breach has fallen through from lack of bank support.
The settlement, reached in April, was contingent upon the agreement of banks that issued credit to at least 90 percent of the MasterCard accounts signing on to the settlement by May 20. On Friday, numerous parties, including Target and MasterCard, indicated that the 90 percent threshold hadn’t been met.
Any bank or credit union agreeing to the terms would be required to drop further claims against Target. MasterCard wasn’t a party to the suit.
With the initial pact now rejected, banks and other card-issuing institutions are free to press their claims against the Minneapolis-based retailer, which saw more than 40 million credit cards compromised, along with personal information from up to 110 million account holders.
Visa has continued to negotiate with Target regarding losses connected to the breach. Under current credit arrangements, the losses are the responsibility of the banks and credit unions as card issuers, but those institutions can seek recovery from retailers and other payees based on the belief that they had failed to provide sufficient safeguards against the compromise of cards, money and identities.
“We are pleased that financial institutions have resoundingly rejected Target and MasterCard’s attempt to avoid fully reimbursing the losses suffered during one of the largest data breaches in U.S. history,” commented Charles Zimmerman and Karl Cambronne, attorneys who represent the banks in the action. “Financial institutions clearly saw through Target’s misleading statements and efforts to extinguish pending legal claims for pennies on the dollar.”
Carrie Hunt, senior vice president of government affairs and general counsel for the National Association of Federal Credit Unions, said, “Credit unions deserve to be fully compensated for their losses that were no fault of their own. The failure to opt in to the settlement by financial institutions sends a strong signal to card companies that the current reimbursement system does not work and financial institutions need to be made whole.”
Target declined comment on the issue and calls to MasterCard for comment on Friday weren’t returned.
A federal lawsuit involving a number of smaller banks, expected to seek class action status, has been assigned to the U.S. district court in St. Paul and is expected to be heard next March.
Meanwhile, the determination of liability in security breach cases is scheduled to change in October, when retailers are expected to shift to chip-and-pin credit and debit cards from magnetic stripe cards or face greater assumption of responsibility for losses. But issuers have been pushing back, generally favoring a combination of a chip card verified by a signature.
When it reported first-quarter results Monday, Target said that its breach-related expenses totaled $256 million, offset by an expected $90 million in insurance receivables.