While the winter holidays are a time for spending and good cheer, the 2013 holiday season was one that continues to be costly for Target. On December 19, 2013, Target publicly announced that computer hackers had stolen data, including credit card payment information, from millions of Target shoppers. In January 2014, Gibbons P.C., in light of the Target data breach, discussed the ramifications of delay in notifying consumers, whether the delay was intentional or as a result of compliance with law enforcement requests. Banks and credit unions, which had issued credit cards affected by the breach, were forced to reimburse Target customers in some cases and reissue millions of cards, brought a class action lawsuit against Target.
It is estimated that Target has spent more than $300 million associated with the December 2013 data breach. These costs include the recent $67 million settlement reached with Visa, which was reported on August 18, 2015. The Target/Visa settlement follows a rejected proposed settlement between Target and MasterCard for a significantly less amount. The proposed Target/MasterCard settlement was rejected by the financial institutions who had issued MasterCard-branded cards to Target customers. It is being reported, however, that Visa card issuers have accepted the Target/Visa settlement. If the Target/Visa settlement includes the standard releases, these card issuers will likely drop out of the pending class action lawsuit against Target. Moreover, since the Visa card issuers are some of the largest financial institutions, such as Chase, Bank of America, Capital One, and Citibank, the Target/Visa settlement could also signal an end to the pending class action lawsuit brought by the financial institutions and the nearing of the end of a very costly 2013 holiday season for Target.
The credit card industry has been haunted by large data breaches since the 2013 Target data breach. The Target/Visa settlement will likely provide a framework for settling these types of class action data breach litigations that have become more commonplace in the current cyber climate. Members of the Gibbons Data Privacy & Security Task Force will continue to monitor developments in the ongoing data breach litigations to address the range of privacy and security issues that affect our clients’ businesses.