Target Corp. will pay most of the costs that banks and other credit card issuers incurred because of the retailer’s 2013 data breach.
The Minneapolis retailer agreed to settle a class-action lawsuit brought by financial institutions for $39 million. This is the last major litigation tied to the breach in which cyberthieves gained access to personal data of 40 million Target customers.
U.S. District Court Judge Paul Magnuson gave preliminary approval to the settlement Wednesday afternoon. The participants in the suit have three months to raise objections to terms before it is finally ordered.
The suit may set a precedent as the first time a U.S. retailer has absorbed most of the costs incurred by financial firms in a data breach. Home Depot and several other retailers are locked in similar litigation after hackers gained access to their systems.
In all such cases, the cybertheft led shoppers to seek new credit cards from banks, credit unions and other issuers. In addition to those costs, card issuers also paid for fraudulent charges on customers’ stolen cards.
The two biggest card networks, Visa and MasterCard, previously reached settlements with Target that covered a portion of the losses incurred by credit card issuers. Under those settlements, payments were higher if the issuer declined to join the class-action lawsuit.
The issuers who joined the lawsuit will recover all, or nearly all, of their losses as a result of Wednesday’s settlement, plaintiff’s attorneys said.
“Banks who decided not to merely waive their claims but cast their lot with this class case are going to be handsomely benefiting from it,” one of the lead attorneys, Karl Cambronne of Chestnut Cambronne, said in an interview.
A Target spokeswoman said the company was pleased the process was moving forward.
Consumer claims tied to the data breach were bound up in a class-action suit that Target settled earlier this year for $10 million.
Through October, Target had incurred $290 million of expenses related to the breach, including changing data security systems and point-of-sale terminals as well as payouts to litigants. Insurance paid for about $90 million of the costs, the company said.
After the settlement was announced, the National Association of Federal Credit Unions, which had advocated for higher payouts to card issuers, said it would continue to pressure Congress to create data-security standards for retailers that are comparable to those required of financial institutions.