The Latest / Data Security News

The Never-Ending Story and Cost of Target’s Holiday Data Breach

April 16, 2015

News reaches us that Target has agreed a settlement with MasterCard regarding the holiday data breach of 2013. The deal will see the Minnesota-based company pay some $19m of compensation to companies that issue MasterCard-branded debit or credit cards. MasterCard negotiated with Target on behalf of all the financial institutions in its network and both Target and MasterCard are hopeful the institutions accept the terms of the settlement. The agreement will only be ratified if 90 per cent of the companies involved agree.


The repercussions of Target’s data breach continue to rumble on. Last month we reported on the settlement reached in the class-action lawsuit brought against the company. In that case, Target agreed to pay out $10m to those customers affected by the breach. This time it’s almost double for MasterCard. And it’s not over for Target yet either. The company is still to reach a settlement with the companies in the Visa network – which the Wall Street Journal has suggested could be an even larger figure. Target is still paying the price for the failure of its security measures back in 2013. Correcting and repaying all the damages caused by the breach seems to be a never-ending story and the final cost a constantly moving target.

Target hope that this deal with MasterCard will be accepted by the required majority of Card issuers, although there were some defiant words from Scott Kennedy, Target’s President of Financial & Retail Services:

“We are hopeful that Target’s agreement to pay up to $19 million to settle the claims of MasterCard and its issuers will result in a high level of issuer acceptance. Target intends to continue to defend itself vigorously against any assessments made by MasterCard on behalf of MasterCard issuers that do not accept their offers.”

The card issuers have until the 20 May to deliver their decision and will then use the money to cover the cost incurred in replacing debit and credit cards in the aftermath of the breach.

Which data breach is to blame?

According to the Wall Street Journal – during the discussions – Target suggested they should not have to cover all these costs, because of the even larger Home Depot data breach later in the year. The company actually argued that the cards would have needed to be replaced a few months later anyway because of the Home Depot hack, but I’m not sure trying to spread the blame to another breach altogether is a wise tactic – though it does highlight the need for ongoing vigilance.

And it also shows that companies who fail to keep on top of their data security will pay the price for years to come. On top of these compensation amounts, Target estimate they have spent over $250m on hack related expenses in the last few years. It’s a costly business sleeping on data security.

Global Data Sentinel aim to help companies stay at the forefront of data security. We don’t believe a simple protective perimeter is enough. We encrypt and secure every piece of data. Wherever the data resides it is protected. Wherever the data is – only you possess the keys – and control who has access to it and for how long. Global Data Sentinel. Your Data. Secured. Everywhere.