MasterCard, Target agree to $19M settlement for breach costs

April 15, 2015
WASHINGTON (4/16/15)--MasterCard announced Wednesday it has reached a settlement with Target to recover costs card issuers suffered due to a massive data breach of the retailer's systems in 2013.

"This is news that credit unions and other card issuers have been waiting too long to hear," CUNA President/CEO Jim Nussle said Wednesday. "It is about time that Target steps up to its responsibilities in this breach. And it is long overdue for merchants to start living up to their responsibilities in protecting customers' sensitive information by adopting higher security standards. Congress must act and act now to stop the data breaches."
Through the settlement, Target will make available up to $19 million in alternative recovery offers to eligible credit unions and banks worldwide. Last month, the Minneapolis-based retailer settled a consumer class-action lawsuit for $10 million.
The funds will cover operational costs and fraud-related losses on MasterCard-branded cards believed by MasterCard to have been affected by the data breach. Upon accepting the offer, each issuer will release MasterCard, Target and its acquiring financial institutions from all claims related to the data breach.
CUNA will be working closely with MasterCard to determine the amount of the settlement that will be dedicated to credit unions' costs.
The settlement is contingent on, among other things, issuers representing at least 90% of the eligible MasterCard accounts accepting their alternative recovery offers, either directly or through their sponsoring issuers by May 20.
CUNA has actively engaged both the card networks in an effort to help recover credit unions' costs from the Target and other breaches. "We appreciate the open dialogue that MasterCard has had throughout this process, and we understand that they have an aggressive communication plan to get information to their credit union customers. We stand ready to assist them in communicating with the credit union system," Nussle said.

Through its research, CUNA has found that the Target and Home Depot data breaches have cost credit unions and their members at least $90 million.

A CUNA survey identified that after the Target breach alone, credit unions reissued roughly 4.6 million credit and debit cards. Credit unions not only covered the cost of fraud, but also the costs of blocking transactions, reissuing cards, increasing staff at call centers and monitoring members' accounts.

The per-card cost was approximately $5.68 per card for the Target breach and higher than that for the Home Depot security failure.