Target agrees to pay $10M in lawsuit over data breach

The cyber attack had already cost the company $162 million, more than any other store that was hit

(Come mingle with hundreds of top venture capitalists representing $10B-plus in capital under management, including Khosla Ventures, Greylock and Javelin Venture Partners, and learn from founders/CEOs including Marco Zappacosta, Co-founder & CEO of Thumbtack and Adam Goldenberg, CEO of JustFab, Slava Rubin, Founder & CEO of Indiegogo, at Vator Splash Oakland on April 22nd and 23rd. Get your tickets here!)

The Target data breach, which is so far already costing the company more than any other retailer hit by hackers, is about to get even more expensive.

The company was hit with a class action lawsuit over the breach last year, filed by consumers who were affected by the attack. Now Target has reached a proposed settlement on the suit, according to a reportout from Reuters on Thursday, agreeing to pay out the sum of an additional $10 million.

The proposal would also make it so that Target would be required to adopt, and implement, certain data security measures. That includes appointing a chief information security officer and maintaining a written information security program.

None of this is yet finalized, and still necessitates an approval from a federal court. If, and when, the terms are agreed upon, Target would be paying individuals up to $10,000 in damages. Claims will be submitted and processed primarily online through a dedicated website.

"We are pleased to see the process moving forward and look forward to its resolution," a Target spokeswoman told Reuters.

VatorNews has reached out to Target for comment on the settlement. We will update this story if we learn more. 

The additional $10 million the company will be paying only adds to what has already become an extremely expensive cyber attack.

The breach, which occurred between November and December of 2013, was said to have potentially affected up to an astounding 70 million customers who shopped at the store, as well as up to 40 million credit cards.

In its fourth-quarter and full-year 2014 earnings report last month, Target revealed the incident had already cost the company $162 million over the span of two years.

In the fourth quarter of 2013, Target said it saw $61 million in expenses relating to the breach, but ultimately only claimed a loss of $17 million, due to $44 million being offset by insurance receivables. Much more money was lost in 2014: a total of $191 million was spent, though it came down to $145 million due to $46 million insurance receivable.

Target is far from the only retailer to be hacked in the last couple of years, but it still taken the biggest hit yet.

Michael's was hacked in 2014, putting 3 million cards at risk and a Neiman Marcus breach in January of 2014 put 1.1 million cards at risk.

In October, Dairy Queen revealed that it too was breached, though the exact size and scope was not revealed. A Kmart breach the same month also did not come with any numbers.

The other really large retail hacking  was of the Home Depot in September. That one may have been even bigger than Target, potentially affecting 56 million credit cards and 53 million e-mail addresses.

And yet none of these other breaches have, so far, cost as much as Target's has. Neiman Marcus saw a net loss of $147.2 million in 2014, compared with net income of $163.7 million in 2013, and attributed that lost to expenses, including legal fees and the cost of credit monitoring services, from the hacking. 

In an recent SEC filing, Home Depot stated that the data breach cost the company $43 million in the third quarter of 2014 alone, though that was partially offset by a $15 million receivable, getting the number down to $28 million. 

As much as these stores would love to put these incidents behind them, the affect is still being felt. Arecent report highlighted incidents of credit cards that were stolen in the attacks being used in fraudulent transactions on Apple Pay.  

The majority of those fraudulent purchases have apparently been made at Apple Store, because of the higher price of those goods, as opposed to other retailers, like Whole Foods and Panera Bread, which don't offer anywhere near the same retail value.

(Image source: marketingautomationtimes.com)