In 2013, Target suffered a massive data breach in which at least 40 million credit cards were compromised during the holiday shopping season. The attack also resulted in the theft of personal information, including email addressees and telephone numbers, from as many as 110 million people.
The affects of that breach have followed Target into 2015, with two different court settlements. The first was the payment $10 million, ordered by a U.S. district judge in St. Paul, Minnesota, to resolve a class-action lawsuit brought against the company by customers. The second was a $19 million agreement with MasterCard to cover damages to the financial institution following the Target breach.
Individuals in the class-action suit are eligible for up to $10,000 if they can prove they suffered real financial loss. Of the 110 million affected by the data breach, very few suffered monetary losses.
The most recent settlement, with MasterCard, is contingent on 90 percent of eligible MasterCard accounts to sign on the agreement and release both companies of any claims, including a pending federal lawsuit. The funds will compensate card issuers for the costs of dealing with hacked accounts.
Target is negotiating a separate deal with Visa, which is thought to have had more accounts affected than MasterCard.
The rise of data breaches across the retail industry, and the results of the following lawsuits, are a warning to retailers to ensure that they are dedicating enough attention to security and cyber threat prevention. It is imperative that businesses remain up-to-date with PCI security protocols and credit processing software developments, to ensure that they are offering customers the best protection possible.