June 10, 2015
Probably one of the most infamous payment data breach cases ever was the massive attack on Target stores in 2013 which led to the loss of 110 million payment card numbers and the personal information of over 70 million shoppers. However, Target’s confident customers’ accounts haven’t been compromised because the information was encrypted.
Key highlights of the Target data breach:
Settlement with the customer:
Each victim of the data breach can get up to US $10,000. The total outlay for the data breach is US $10 million. However, the money lot is only available for customers who can demonstrate a loss, and the entire onus of proving the loss lies on the shoulder of the customer. It is estimated that only a few customers would manage to get $10,000, while many of the affected customers may get only $100.
Settlement with the issuers:
In early March 2015, MasterCard had offered a $19-million settlement for issuers as a compensation for the Target data breach. The $19 million was reimbursement for fraudulent charges and the cost that card issuers suffered in re-issuing cards that had been compromised during the breach. The settlement needed agreement from at least 90% of MasterCard issuing banks and credit unions.
The banks argued that the settlement represented only a fraction of their losses, which they estimated at more than $160 million (half towards issuing new cards and the other half to fraud). MasterCard’s offer did not get accepted as 90% of the banks and credit unions did not agree to it. Citigroup, Capital One and JPMorgan Chase who account for more than 40% of the branded cards did not approve the deal. The future of the MasterCard deal is unclear as banks are expecting a better compensation in courts. On the other side, Target is still in settlement negotiations with Visa.