Target US to pay banks $54m in data breach settlement

Target US has agreed to pay US$39.4 million (A$53.9 million) to settle with banks and credit unions over claims of lost money as a result of the retailer's late 2013 data breach.

The settlement resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards.

Target has said at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers.

The retailer has taken steps to avoid a recurrence, including being among the first US retailers to install microchip-enabled card readers at all stores.

Today's settlement calls for Target to pay as much as US$20.2 million to banks and credit unions, and US$19.1 million to reimburse MasterCard card issuers.

Target had reached a similar accord with MasterCard in April, but it was rejected the next month when card issuers deemed the sum too low.

The settlement won preliminary approval from US district judge Paul Magnuson, who called it "fair, reasonable and adequate," court records showed. A hearing on final approval was scheduled for May 10, 2016.

Earlier settlements

Earlier this year, Target agreed to pay Visa card issuers as much as US$67 million over the breach and reached a US$10 million settlement with shoppers. The latter accord won court approval last month.

Last week, Target said it had spent US$290 million related to the breach, and expects insurers to reimburse US$90 million. It still faces shareholder lawsuits, as well as probes by the Federal Trade Commission and state attorneys general, over the breach.

Target spokeswoman Molly Snyder said the retailer was "pleased that the process is continuing to move forward."

Bearing the burden

The latest settlement covers all financial institutions that issued payment cards put at risk by the breach, and which did not previously release their claims against Target.

Trade groups representing banks and credit unions have estimated that their members incurred more than US$200 million of expenses related to the breach.

"Financial institutions should not always have to bear the burden of extensive costs related to merchant data breaches over which they have no control," the plaintiffs' lawyers Charles Zimmerman and Karl Cambronne said in a joint statement.

Target will also pay the plaintiffs' legal fees, pending court approval, and will not appeal any sum of US$20 million or less, court papers show.

Shares of Target closed down 88 cents, or 1.2 percent, at US$71.93 on the New York Stock Exchange.