Target Agrees to $39 Million Settlement in Data Breach Suit

Reporting from CUNA. A proposed $39 million settlement has been reached between Target Corp. and the credit unions and other financial institutions that brought claims related to the retailer’s massive December 2013 data breach. The settlement still awaits federal court approval.  

According to an announcement by financial institution counsel, the settlement payment of up to $39,357,939.38 includes:

  • Up to $20,250,000 that Target will pay directly to settlement class members and for the notice and administration of the settlement; and
  • A $19,107,939.38 payment by Target to fund MasterCard’s Account Data Compromise program relating to the data breach, and to give up its right to challenge MasterCard’s assessment, which Target would have continued to dispute in the absence of the class settlement.

A CUNA investigation found that credit unions incurred more than $30.6 million in costs related to the breach, and it continues to press lawmakers to pass legislation that would require merchants to uphold stronger data security standards.

The release noted that, if approved, the settlement will become the first class-wide data breach deal reached on behalf of financial institutions. It also said the settlement would apply to all U.S. financial institutions that issued payment cards identified as compromised as a result of the data breach at Target.

However, financial institutions that previously released claims against the retailers by participating in a settlement deal offered by Visa or MasterCard would not be included in the settlement.

“This settlement is a strong and important result for those financial institutions that sustained losses as a result of the Target data breach, providing compensation well beyond what the card brand networks offered,” said co-lead plaintiffs’ counsel Charles Zimmerman of Zimmerman Reed PLLP and Karl Cambronne of Chestnut Cambronne PA. “It also sets an important precedent that financial institutions should not always have to bear the burden of extensive costs related to merchant data breaches over which they have no control.”

If approved, eligible financial institutions will be able to submit a claim form to receive a cash payment, which will be added to funds already received through Visa’s Global Compromised Account Recovery (GCAR) program, MasterCard’s Account Data Compromise (ADC) programs, or any other card brand reimbursement program. Class members would receive the official court-authorized notice and claim forms by mail, or through the settlement website. Payments to settlement class members will be made after the court approves the settlement and all appeals have been completed.

The U.S. District Court of Minnesota is holding a preliminary approval hearing today. If the settlement receives preliminary approval, the parties will be directed to distribute notice to financial institutions. A final approval hearing will be held next year for the court to determine if the settlement is fair, reasonable and adequate. The settlement website will contain the settlement agreement, notice, hearing dates and other important information.

Questions about this story? Contact James Pearson: 206.340.4790,


Posted in Article Post.