Attorneys for certain banks and other financial institutions that are caught up in Target’s 2013 data breach are objecting to the $67 million deal struck last week between the retailer and Visa Inc. The banks and credit unions are the only plaintiffs left in the data breach litigation after Target paid $10 million in March to settle more than 140 class actions filed against it by its customers. The remaining plaintiffs say that the deal does not pay them a sufficient amount for costs incurred in reissuing cards and reimbursing customers for fraudulent charges.
Made public on Aug. 18, the $67 million resolution is designed to reimburse banks that issued Visa cards affected by the breach, which compromised 40 million credit and debit cards. But plaintiffs’ lawyers say the timing of the deal is suspicious, because the deadline is September 4, just six days before a hearing on their motion for class certification. They argue that this is a ploy by Target to avoid the significantly greater amount of damages they are seeking on behalf of a class of thousands of banks and credit unions.
Visa was not a party to a data breach lawsuit against Target. Its willingness to settle could prove to be a significant advantage for Target, which fought to keep the class certification papers under seal, citing the potential risk of another attack. In May, a $19 million deal Target reached with MasterCard Inc. unraveled after fewer than 90 percent of applicable card issuers participated. Plaintiffs lawyers had sought a permanent injunction that would have prohibited Target from requiring financial institutions to release their legal claims as part of the MasterCard deal. On May 7, U.S. District Judge Paul Magnuson in Minnesota denied the injunction, but agreed that “the terms of the settlement do not appear altogether fair or reasonable.” He continued, “At the very least, the way this issue has arisen is neither fair nor is it how the court expects attorneys to conduct themselves in litigating matters before the court.”
In contrast with the MasterCard deal, there is no requirement in the Visa deal that banks and credit unions drop their legal claims. They are, however, offered additional compensation if they do so, according to reports. Target confirmed that many banks had already signed up. It has also indicated that it is working on a similar settlement with MasterCard following the collapse of its earlier agreement with that credit card issuer.
The Target saga bears watching for a host of reasons, not the least of which is the insight it provides into the costs and troubles that befall financial services providers when a data breach occurs of any significant magnitude, and the obstacles that financial services companies must contend with in seeking compensation for their losses.