Banks have stymied an out-of-court settlement reached between Target Corp. and MasterCard in the multi-district litigation over Target’s massive data breach during the 2013 holiday season.  MasterCard, who has estimated that about 8.8 million of its accounts were affected by the breach, had agreed to settle with Target for $19 million, which it would use to reimburse banks and credit unions for damages they suffered from the breach.  While MasterCard had claimed the settlement would cover 71.4 percent of banks’ costs, the banks disputed MasterCard’s formula and called the settlement “laughable.”   The parties had until Wednesday, May 20th, to get 90 percent of plaintiff banks to sign on to the deal, but failed to do so.

The lead counsel for the banks involved in the litigation announced they were delighted the settlement failed.  “We are pleased that financial institutions have resoundingly rejected Target and MasterCard’s attempt to avoid fully reimbursing the losses suffered during one of the largest data breaches in U.S. history…  Financial institutions clearly saw through Target’s misleading statements and efforts to extinguish pending legal claims for pennies on the dollar.”

Since the late-2013 breach, Target has expended approximately $256 million, only $90 million of which is expected to be covered by insurance.  Target’s current setback with banks is indicative of the many challenges companies face in the wake of a data breach as the government, consumers, and business partners all bring separate actions.  Target settled with consumers for $10 million in March 2015.