Following the highly publicized data breach affecting Target retail stores in 2013, the retail giant has agreed to pay up to $19 million to MasterCard credit card issuers worldwide to compensate them for the costs of canceling accounts, creating new accounts, and issuing new cards. MasterCard is urging card issuers to accept the deal, which calls for Target to pay the card issuers by the end of the second quarter.
In late 2013, Target suffered a massive data breach in which 110 million customer records were stolen, which included 40 million credit card numbers. In an attempt to be proactive, Target informed financial institutions about credit cards that may have been compromised and offered free credit counseling to its consumers to combat the onslaught of litigation that was to follow. As a result of the breach, which was highly publicized, many other retail establishments became victims of their own data breaches, spurring numerous lawsuits nationwide.
Apart from individual consumers filing class action lawsuits across the country against Target, credit card issuers, which include banks, credit card companies, and other financial firms, incurred hard costs of cancelling accounts and issuing replacement cards with new account numbers. While individual consumers filing data breach lawsuits had to overcome Clapper in arguing that an injury-in-fact did occur instead of speculative damages, credit-card issuers and financial institutions had actual damages to move forward on their claims. As a result, Target has negotiated a deal only with MasterCard to this point. It is possible that Target is also negotiating a similar agreement with Visa.