US retailer Target is back in the headlines again over its 2013 breach. This week, Target has settled on an agreement to pay up to $39m to banks and credit card firms.
After an initial $19m settlement did not pass after card issuers decided it was too low, this new agreement sees Target having to pay up to $20.25 million to banks and credit unions and $19.11 million to reimburse MasterCard card issuers. Target agreed a deal with Visa for $67m in August.
According to Reuters, the settlement will resolve class action claims by lenders seeking to hold Target responsible for the cost of reimbursing customers for fraudulent charges, as well as issuing new credit and debit cards.
The story of the breach stretches back two years, when attackers gained access to Target’s financial data by accessing the retailer via its HVAC provider.
The breach saw the theft of around 40m credit and debit cards, as well as a further 70 million customer records containing information that included customer names, addresses, phone numbers and email addresses.
While Target’s CEO stepped down after the breach and the retailer has advanced its security with the addition of chip and PIN technology, the name of Target is still associated with one of the biggest data breaches we’ve seen.
After all, Target topped our list of the most epic privacy fails last year.
In total, the breach has cost Target $290m so far, of which insurance should cover $90m, the company said last week. However there are still shareholder lawsuits to come, as well as probes by the Federal Trade Commission and state attorneys general, which could well push the total costs of the incident to over $300m.