Target Reaches $67 Million Settlement With Visa Over Data Breach

» Get Patch’s daily newsletter and real-time news alerts.

By MARC TORRENCE (Patch National Staff)

Target has reached an agreement with Visa to pay card issuers up to $67 million in a settlement connected to the massive data breach that affected 40 million cardholders in 2013, the company confirmed in an email to Patch.

Under the settlement, the retail giant will pay Visa-issuing banks up to $67 million for costs incurred during the breach.

Target had previously reached a settlement with individual card users, but the July 31 deadline to submit a claim has passed.

“Target is pleased that we have reached a settlement agreement with Visa related to the data breach we experienced during the fourth quarter of 2013,” Molly Snyder, a company spokeswoman, said. “The costs of the settlement are already reflected in Target’s previously reported fiscal 2013 and 2014 results.”

Snyder said that the deal was conditional on a majority of the issuers entering into the direct settlement with Visa and Target. Visa on Monday certified that had happened, and the deal went into effect.

Target is extending a settlement offer to the remaining issuers “using a settlement formula that would enable them to achieve the same economics as the Visa issuers that have already settled with Target and Visa,” Snyder said.

But one of the lead counsel for the plaintiffs in this case is recommending issuers not take the settlement.

The settlement follows the rejection of a similar, $19 million deal with MasterCardissuers, which was rejected because it didn’t receive the needed 90 percent support of the involved banks.

“This settlement with Visa is Target’s latest effort to avoid fully reimbursing financial institutions for the losses suffered as a result of its data breach,” Charles Zimmerman of Zimmerman Reed PLLP said in an emailed statement to Patch. “Just as with the proposed MasterCard settlement – resoundingly rejected by financial institutions in May – this deal was negotiated under a veil of secrecy without the involvement of the court or the court-appointed legal representatives of financial institutions.

“Importantly, it fails to fully reimburse card issuers for the substantial losses suffered from the Target data breach.”

Instead, Zimmerman is urging issuers to ”do nothing,” which would still give them a small amount of automatic money under Visa’s Global Account Compromise Recovery program—a company policy for card issuers with compromised accounts—but not fully drop their claims against Target.

Zimmerman says that a class certification motion is still pending in the case, “which seeks to hold Target accountable for damages far greater than what has been offered under this settlement.”

A hearing in that case is scheduled to take place September 10.

Target suffered one of the biggest data breaches in history during the 2013 holiday season, when an estimated 40 million credit and debit cards were exposed to fraud.