Target will pay MasterCard $19M for credit card breach

The incident affected up to 40 million credit and debit cards, which had to be resissued

(Come mingle with hundreds of top venture capitalists representing $10B-plus in capital under management, including Khosla Ventures, Greylock and Javelin Venture Partners, and learn from founders/CEOs including Marco Zappacosta, Co-founder & CEO of Thumbtack and Adam Goldenberg, CEO of JustFab, Slava Rubin, Founder & CEO of Indiegogo, at Vator Splash Oakland on April 22nd and 23rd. Get your tickets here!)

The Target data breach was extremely costly. Not only did it cost the CEO of the company his job, but it seems like Target has also been paying dearly for it monetarily ever since. 

Target has settled a lawsuit against one of the credit card companies involved in the breach, MasterCard, agreeing to pay $19 million, the company revealed on Wednesday. 

That money will covers cost that banks incurred to reissue credit cards and debit cards to customers as a result of the breach. And there are a lot of redit cards that needed to be sent out: the breach was said to have potentially affected up to an astounding 70 million customers who shopped there, as well as up to potentially 40 million credit cards.

The settlement is conditioned on issuers of at least 90% of the eligible MasterCard accounts accepting their alternative recovery offers, either directly or through their sponsoring issuers, by May 20th of this year.

The estimated costs of this settlement are already reflected in the data breach liabilities that Target established during fiscal 2013 and 2014, in which is pegged the cost of the breach at $162 million. 

In its fourth-quarter and full-year 2014 earnings report last month, Target revealed the incident had already cost the company $162 million over the span of two years.

In the fourth quarter of 2013, Target said it saw $61 million in expenses relating to the breach, but ultimately only claimed a loss of $17 million, due to $44 million being offset by insurance receivables. Much more money was lost in 2014: a total of $191 million was spent, though it came down to $145 million due to $46 million insurance receivable.

In addition, Target also agreed to pay $10 million in a class action lawsuit, whichwould also make it so that the company would be required to adopt, and implement, certain data security measures. That includes appointing a chief information security officer and maintaining a written information security program.

Target is also currently negotiating a similar settlement with another credit card company, Visa.

Security breaches

Target is far from the only retailer to be hacked in the last couple of years, but it still taken the biggest hit yet.

Michael's was hacked in 2014, putting 3 million cards at risk and a Neiman Marcus breach in January of 2014 put 1.1 million cards at risk.

In October, Dairy Queen revealed that it too was breached, though the exact size and scope was not revealed. A Kmart breach the same month also did not come with any numbers.

The other really large retail hacking  was of the Home Depot in September. That one may have been even bigger than Target, potentially affecting 56 million credit cards and 53 million e-mail addresses.

And yet none of these other breaches have, so far, cost as much as Target's has. Neiman Marcus saw a net loss of $147.2 million in 2014, compared with net income of $163.7 million in 2013, and attributed that lost to expenses, including legal fees and the cost of credit monitoring services, from the hacking. 

In an recent SEC filing, Home Depot stated that the data breach cost the company $43 million in the third quarter of 2014 alone, though that was partially offset by a $15 million receivable, getting the number down to $28 million. 

As much as these stores would love to put these incidents behind them, the affect is still being felt. Arecent report highlighted incidents of credit cards that were stolen in the attacks being used in fraudulent transactions on Apple Pay.  

The majority of those fraudulent purchases have apparently been made at Apple Store, because of the higher price of those goods, as opposed to other retailers, like Whole Foods and Panera Bread, which don't offer anywhere near the same retail value.

(Image source: wcrz.com)