Target settles data breach lawsuit with MasterCard for $19M

NEW YORK — Target and MasterCard say they’ve agreed to settle lawsuits over the discounter’s pre-Christmas 2013 massive data breach.

Target said late Wednesday it has set aside up to $19 million for banks and credit unions issuing MasterCards that were caught in the data breach that compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15, 2013.

MasterCard Inc. said the money will be available to banks and credit unions for operating costs and fraud-related losses on cards believed to have been affected. The settlement will go into effect if at least 90 percent of eligible issuers accept the offer by May 20.

“We are hopeful that Target’s agreement to pay up to $19 million to settle the claims of MasterCard and its issuers will result in a high level of issuer acceptance,” said Scott Kennedy, president, financial and retail services at Target in a statement. “Target intends to continue to defend itself vigorously against any assessments made by MasterCard on behalf of MasterCard issuers that do not accept their offers.”

Target Corp. disclosed the massive breach on Dec. 19, 2013 during the height of the critical holiday shopping season. The disclosure rattled shoppers who stayed away from the Minneapolis-based retailer as they were nervous about the security of their private data. That hurt profits and sales for months.

Target’s high-profile breach pushed banks, retailers and card companies to increase security by speeding the adoption of microchips in U.S. credit and debit cards. Supporters say chip cards are safer, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer’s register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards are also nearly impossible to copy, experts say.

Target overhauled some of its divisions that handle security and technology. The company has also been upgrading its cash registers so they can accept the more secure cards in its nearly 1,800 stores. The breach was also a major factor behind the abrupt departure of its CEO Gregg Steinhafel in May 2014.

BY ANNE D’INNOCENZIO and MARLEY JAY, AP Business Writers