Third Party Breaches Can Have Long Term Impact on Cost
Breaches happen in minutes. Lawsuits happen for years.
The total costs of Target’s 2013 data breach of 40 million customer credit card numbers will continue to be an unknown for a whole lot longer than the giant retailer would likely want after financial institutions rejected a proposed settlement from Target with MasterCard last Friday. MasterCard told Reuters it did not have enough participation from financial organizations (which needed a 90% threshold of participants).
How Far Will The Target Data Breach Damages Go?
All indications are that the company wants to make right by its customers and business partners following a breach linked to a third party (who happened to be one of Target’s refrigeration, heating and air conditioning vendors). The extent of the damages to business partners and financial institutions, however, are far from being completely tallied.
Credit unions, in particular, did not like the proposed April deal, and have been vocal about their dissent. According to SC Magazine, National Association of Federal Credit Unions (NAFCU) Senior Vice President of Government Affairs and General Counsel Carrie Hunt made the following statement after news of the settlement’s demise arrived right before the holiday weekend:
The failure to opt in to the settlement by financial institutions sends a strong signal to card companies that the current reimbursement system does not work and financial institutions need to be made whole.
This is a setback for Target and its legal team as it opens up the possibility for additional lawsuits from individual banks, credit unions, and others. The unfortunate news for Target is that the legal wranglings will continue to be an unfolding media story that will likely go on for years.
Target received preliminary approval for a $10 million settlement with consumers back in March, according to The New York Times, however, customers still have time to object until November 10 of this year.