BreachExchange mailing list archives
Target, MasterCard Settle Over Breach
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 16 Apr 2015 19:30:07 -0600
http://www.bankinfosecurity.com/target-mastercard-settle-over-breach-a-8110 Target has agreed to pay a total of up to $19 million to issuers of MasterCard payment cards over losses and expenses they incurred as a result of the retailer's massive 2013 breach. The settlement announced April 15 is contingent on issuers of at least 90 percent of the eligible MasterCard accounts accepting their offers by May 20. If sufficient issuers accept the offer, Target says they'll be paid by the end of June. "This settlement provides our issuers a reasonable resolution of the Target data breach event," says Eileen Simon, MasterCard chief franchise integrity officer. "The timely reimbursement of costs and losses under the agreement delivers MasterCard issuers a faster and more certain resolution to the event, while reinforcing our commitment to maintain the integrity of industry security standards." MasterCard, in a statement, says issuers that choose not to accept this offer will have their claims determined by MasterCard internal processes and may receive more or less than the amounts offered in this settlement, depending on various factors. Those include MasterCard's final determinations of their claims and the outcome of any litigation that Target might file to challenge claim awards to issuers outside of this settlement. Target also is in negotiations with Visa for a breach-related settlement, according to the Wall Street Journal. 'Long Overdue' Jim Nussle, chief executive of the Credit Union National Association, criticizes the delay in reaching a settlement with MasterCard. "It is about time that Target steps up to its responsibilities in this breach," Nussle says. "And it is long overdue for merchants to start living up to their responsibilities in protecting customers' sensitive information by adopting higher security standards." Dan Berger, chief executive of the National Association of Federal Credit Unions, says the size of the MasterCard settlement was disappointing. "While we appreciate that the settlement attempts to hold Target somewhat accountable, we were hoping it would be more than just pennies on the dollar," Berger says. "We believe that this demonstrates the reason why Congress must act to protect consumers' financial information by enacting stronger standards and holding retailers and merchants directly accountable for their data breaches." As Target and MasterCard announced their settlement, the House Energy and Commerce Committee passed a data breach notification and security bill that calls on companies to take "reasonable security measures and practices" to secure the personally identifiable information of customers (see National Data Breach Notification Bill Advances). Target says the 2013 breach compromised at least 40 million payment cards and might have caused the pilfering of personal information from as many as 110 million people. The retailer has reported that its breach costs have totaled at least $252 million so far, with $90 million covered by insurance. The retailer last month announced a pending $10 million settlement of a consumer lawsuit. Target and MasterCard did not immediately respond to requests for comment. Information Security Media Group will update this story as more information becomes available.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Target, MasterCard Settle Over Breach Audrey McNeil (Apr 22)