Target Corp. has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach. The preliminary settlement filed on Wednesday resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards.
Target has said at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers. The Minneapolis-based retailer has taken steps to avoid a recurrence, including being among the first U.S. retailers to install microchip-enabled card readers at all stores.
Wednesday's accord was filed with the U.S. District Court in St. Paul, Minnesota, and requires court approval. It calls for Target to pay as much as $20.25 million to banks and credit unions, and $19.11 million to reimburse MasterCard Inc. card issuers. Target had reached a similar settlement with MasterCard in April, but it was rejected the next month when card issuers deemed the sum too low.
Earlier this year, Target agreed to pay Visa card issuers as much as $67 million over the breach and reached a $10 million settlement with shoppers. The latter accord won court approval last month.
Last week, Target said it has spent $290 million related to the breach, and expects insurers to reimburse $90 million. It still faces shareholder lawsuits, as well as probes by the Federal Trade Commission and state attorneys general.
Target spokeswoman Molly Snyder said the retailer is "pleased that the process is continuing to move forward."
The case is In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.