Target Corp. and Home Depot Inc. have both agreed to settle claims for losses caused by data breaches that compromised customers’ personal information.
Target agreed to pay $34.9 million to end claims by credit unions and banks that lost funds on account of Target’s 2013 data breach, according to Reuters. A settlement filed on Wednesday resolves lenders’ claims to hold the retailer responsible for the cost of reimbursing fraudulent charges and issuing new payment cards.
Target reported that at least 40 million credit cards were at risk on account of the breach and that as many as 110 million people could have lost personal data like phone numbers and email addresses. On Wednesday, a Target spokesperson said as many as 70 million people could have lost personal data.
Target Installs Micro-Chip Cards
Target has installed micro-chip enabled card readers in its stores to prevent future breaches.
Under the settlement, Target will pay as much as $20.25 million to credit unions and banks, and $19.11 million to MasterCard issuers.
Agreement Pending With MasterCard
The company reached an agreement in April with MasterCard, but it was canceled the next month after card issuers said the amount was too low. U.S. District Judge Paul Magnuson approved the settlement in St. Paul, Minn. A final hearing is scheduled for May 10, 2016.
Target agreed to pay Visa card issuers as much as $67 million earlier this year for the breach and reached a settlement of $10 million with shoppers, the latter accord having been court-approved last month.
Target said it has paid $290 million in costs related to the breach and expects insurers will cover $90 million.
Shareholder lawsuits remain, meanwhile, in addition to Federal Trade Commission and attorney general lawsuits.
The recent settlement covers financial institutions that issued payment cards put at risk by the breach and did not previously release claims against Target.
Trade organizations for bank and credit unions said members have lost more than $200 million.
Target will also have to pay plaintiffs’ legal fees, pending approval. The company will not be able to appeal any sum of $20 million or less, according to court documents.
Home Depot Settles With MasterCard
Home Depot settled with MasterCard over its 2014 data breach, according to The Dayton Business Journal in Dayton, Ohio. Banks have asked customers if they want to participate in the settlement. Details about the terms were not included in court filings.
Financial institutions’ attorneys said notices sent to banks were coercive and misleading. The attorneys said in a filing that Home Depot was sending notices hours before the Thanksgiving holiday when counsel and class members would have been busy. The notices required action to be taken as soon as Dec. 2 without having key information about the terms.
Stephen Holmes, a Home Depot spokesperson, said these communications did not come from Home Depot.
The attorneys representing the financial institutions said the communications indicated that class members who don’t participate in the settlement will get nothing and lose money they are entitled to under MasterCard regulations. The institutions asked the judge for an immediate hearing and to force Home Depot to provide information about communications with banks and the settlement.