Target Corp. will pay most of the costs that banks and other credit card issuers incurred because of the retailer's 2013 data breach.
The Minneapolis retailer agreed to settle a class-action lawsuit brought by financial institutions for $39 million. This is the last major litigation tied to the breach in which cyberthieves gained access to personal data of 40 million Target customers.
U.S. District Court Judge Paul Magnuson gave preliminary approval to the settlement Wednesday afternoon. The participants in the suit have three months to raise objections to terms before it is finally ordered.
The suit may set a precedent as the first time a U.S. retailer has absorbed most of the costs incurred by financial firms in a data breach. Home Depot and several other retailers are locked in similar litigation after hackers gained access to their systems.
In all such cases, the cybertheft led shoppers to seek new credit cards from banks, credit unions and other issuers. In addition to those costs, card issuers also paid for fraudulent charges on customers' stolen cards.
The two biggest card networks, Visa and MasterCard, previously reached settlements with Target that covered a portion of the losses incurred by credit card issuers. Under those settlements, payments were higher if the issuer declined to join the class-action lawsuit.
The issuers who joined the lawsuit will recover all, or nearly all, of their losses as a result of Wednesday's settlement, plaintiff's attorneys said.
"Banks who decided not to merely waive their claims but cast their lot with this class case are going to be handsomely benefiting from it," one of the lead attorneys, Karl Cambronne of Chestnut Cambronne, said in an interview.
