MINNEAPOLIS, Minn.—Target Corp has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach.
The preliminary settlement filed on Wednesday resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards.
Target has said at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as e-mail addresses and phone numbers.
The full cost of the breach to financial institutions still remains to be determined. The settlement goes to financial institutions whose payment cards were at risk in the breach and which had not released claims against Target.
Despite the settlement, NAFCU insists that CUs need stronger efforts from retailers to protect their data and even greater compensation from Target.
“In the two years since Target’s huge data breach, consumers are still extremely vulnerable to cybercriminals during yet another holiday shopping season,” said NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt. “We continue to urge Congress to act to protect consumers’ financial information by enacting national data security standards for retailers and holding them directly accountable for their data breaches.
“Much more needs to be done to make credit unions whole,” Hunt continued. “Member-owned credit unions deserve to be fully compensated.”