A settlement between Target Corp. and Visa Inc. moves the retailer a step closer to resolving most of the financial claims against it from the 2013 data breach.
However, an attorney representing banks and other card issuers and a trade group representing credit unions pressed Target for more.
Under the settlement announced Tuesday, Target will pay up to $67 million to cover the costs that Visa Inc. and issuers of Visa cards incurred when cyberthieves broke into Target’s data system. The amount is more than three times larger than a $19 million settlement between Target and MasterCard Inc. that fell apart in May when banks and other issuers rejected the amount as too low.
The hackers accessed the credit card data of at least 40 million Target customers during a three-week period in November and December 2013, one of the largest breaches of the data system of a U.S. company. In the weeks that followed, Target customers asked banks and other issuers of credit cards for replacements.
Later in 2014, the credit-card companies, banks and consumers sued Target seeking compensation for losses they suffered because of the breach. The consumer claims were bound up in a class-action suit that Target settled earlier this year for $10 million.
When Target tried to settle a portion of the claims by banks and card issuers through MasterCard, the settlement required 90 percent of MasterCard’s issuers to agree, a threshold that wasn’t met. The two companies are still talking, and a Target spokeswoman said Tuesday the company is prepared to resolve the dispute on terms that are similar to those with Visa.
Visa on Monday notified Target that the majority of banks and issuers it represents had agreed to the $67 million amount.
The ones that didn’t will be offered a settlement formula that “would enable them to achieve the same economics as the Visa issuers that have already settled with Target and Visa,” Target said.
“This agreement attempts to put this event behind us, and increase the industry’s focus on protecting against future compromises with new technologies,” Visa said in a statement.
The National Association of Federal Credit Unions, which had urged members to reject Target’s offer through MasterCard, said the deal with Visa satisfies that credit card company’s rules.
“But it does not necessarily make financial institutions whole,” said the association.
Separately, Minneapolis attorney Charles Zimmerman, who is lead counsel in a lawsuit against Target by banks seeking class-action status, called the Visa settlement “Target’s latest effort to avoid fully reimbursing financial institutions for the losses suffered as a result of its data breach.”
Zimmerman recommended that banks and card issuers take no action when asked by Visa to sign off on the deal and noted the lawsuit he is leading will seek “to hold Target accountable for damages far greater than what has been offered under this settlement.”
A hearing is scheduled in that suit on Sept. 10.
In a statement, Target said it was pleased to reach the deal with Visa. It said it had already accounted for the costs of the settlement.
Since the breach, Target has reported $252 million in expenses tied to it, including money that was set aside to settle claims by credit card issuers. Target’s insurers have paid $90 million of that amount.