Approximately a year ago, Target announced that hackers had stolen the names, addresses and phone numbers of over 70 million shoppers as well as credit card information of 40 million shoppers. As we reported in our previous Cyber Client Update, in its 2014 full-year earnings report, Target disclosed that the cost of the cyber-attack had reached US$162m. According to the explanations provided by the company, the amount would have been higher had it not recovered some of the money through insurance payouts.
As a consequence of the above, in March 2015, Target agreed to pay about US$20m in a proposed settlement of a class-action lawsuit related to the data breach, which was filed against it in the United States District Court of Minnesota). The payout would be approximately the same amount as TJX Cos. paid to MasterCard holders in 2008 for a data breach that exposed more than 100 million cards to fraud. TJX is the parent of discount retailer TJ Maxx and other chain stores.
The settlement emphasizes the ongoing financial costs that are associated with a wave of data breach cases and which have exposed hundreds of millions of consumers to fraud over the past year.