Target and Visa Work Out a Settlement

Target Corp. and Visa Inc. announced that they had reached a $67 million settlement that would compensate various card issuers for the cost of the now infamous 2013 Target data breach.

According to Target, the data breach settlement applies to a subset of card issuers that represent the majority of Visa cards determined to be at risk because of the Target data breach. These card issuers have reportedly entered into direct settlements with both Target and Visa.

A day prior to this settlement announcement, Visa informed Target that the required subset of card issuers affected by the data breach have entered into settlements to make Target’s agreement feasible. Settlement offers are currently being sent to the remaining group of Visa card issuers that would allow these institutions to receive comparable results as the issuers who have already settled with Visa and Target, the retailer states.

According to Visa, this Target data breach settlement agreement is the companies effort to leave the data breach in the past in order to focus on an industry-wide concern of fending off future breaches. On the same day that the $67 million data breach settlement was announced, a Visa representative stated: “Visa has worked to help Target reach a resolution for the expenses incurred by financial institutions as a result of the 2013 compromise. Nevertheless, the fact remains that data breaches are an unfortunate situation for all parties involved — especially consumers.”

This Visa card issuer settlement is good news for Target, as it comes on the heels of the failed May 2015 $19 million agreement brokered between the popular retailer and MasterCard Inc., that fell apart because both Target and MasterCard failed to convince enough banks to sign into the data breach payoff. This settlement would have resolved a data breach class action lawsuit filed against the companies in Minnesota federal court, which had been part of a larger Target data breach multidistrict litigation that was established following the 2013 data breach.

However, not all is lost in that case, as MasterCard recently stated that the credit card company is working closely with the retailer and that Target has suggested that this same settlement approach be used for the Visa card issuers and similar terms were to be made available to MasterCard issuers. According to MasterCard, “We will now place the revised Target settlement offer in front of our customers for their consideration.”

It is estimated that 110 million Target consumers had their personal and financial information compromised during the 2013 Target data breach, which in turn also affected 40 million credit and debit cards. The Target data breach is one of the largest personal information breaches in U.S. history.

In addition to Target’s data breach settlement agreements with Visa and MasterCard credit and debit card issuers, the retailer has also agreed to settlements with consumers. In March of this year, a $10 million data breach settlement agreement was given preliminary approval by a Minnesota federal judge, which would provide consumers with documentation of their credit or debit card losses up to $10,000 in awards each. This Target data breach settlement with consumers also requires the retailer to increase security for consumer data, which includes appointing a chief information security officer, sustaining a written information security system, and implementing a program to monitor information security events.