Target settles for $19m with MasterCard after huge data breach

Target sign on the front of a store

Target has reached a $19 million settlement with MasterCard over a data leak that lost 70 million customer records to hackers.

The US retailer will put up to $19 million into a pot of cash to settle the claims of banks, from whom cyber thieves stole 40 million credit card details by infecting Target store payment systems with malware.

The huge data hack, which took place in November and December 2013, saw a court rule that the retailer was guilty of negligence last December.

Target had ignored multiple alerts from its FireEye-provided early warning system, and purposely disabled security software that may have prevented the breach.

Its agreement with MasterCard depends on 90 per cent of MasterCard account holders accepting the pay out by May 20, but would see the card issuers receive their compensation by June.

Scott Kennedy, president of financial and retail services at Target, said in a statement: "We are hopeful that Target's agreement to pay up to $19 million to settle the claims of MasterCard and its issuers will result in a high level of issuer acceptance.

"Target intends to continue to defend itself vigorously against any assessments made by MasterCard on behalf of MasterCard issuers that do not accept their offers."

However, any bank accepting the cash will be forced to drop any pending class action lawsuits against the retailer.

Eileen Simon, chief franchise integrity officer at MasterCard, said: "We believe this settlement provides our issuers a reasonable resolution of the Target data breach event.

"The timely reimbursement of costs and losses under the agreement delivers MasterCard issuers a faster and more certain resolution to the event, while reinforcing our commitment to maintain the integrity of industry security standards."