Target Corp. said on Tuesday that it has reached a settlement agreement with Visa that will pay the card network and its issuers up to approximately $67 million for costs related to the retailer's massive 2013 data breach, which compromised approximately 110 million credit and debit cards.
The settlement was conditioned upon issuers representing a majority of breach-affected Visa cards entering into direct settlements with Target and Visa, according to a statement from Target. That threshold has been met, Target said today.
"As a result, offers are being extended to the remaining group of eligible Visa issuers using a settlement formula that would enable them to achieve the same economics as the Visa issuers that have already settled with Target and Visa," the statement said.
The settlement satisfies the maximum amount set by Visa under its rules, but it does not necessarily make financial institutions whole, NAFCU Senior Regulatory Compliance Counsel Brandy Bruyere said in a statement.
In April of this year, Target announced a much smaller $19 million proposed settlement with MasterCard to cover issuers' costs related to the data breach. That settlement failed to receive the required 90% participation rate from issuers, and in May the deal cratered. Five financial institutions – Umpqua Bank, Mutual Bank, Village Bank, CSE Federal Credit Union and First Federal Savings of Lorain – fought the settlement and are pursuing class action status. That case is still working its way through the court system.
Charles Zimmerman, one of the attorneys representing those five financial institutions, told CU Times the Visa settlement represents an effort by Target to avoid fully reimbursing financial institutions.
"Just as with the proposed MasterCard settlement – resoundingly rejected by financial institutions in May – this deal was negotiated under a veil of secrecy without the involvement of the court or the court-appointed legal representatives of financial institutions," he said. "Importantly, it fails to fully reimburse card issuers for the substantial losses suffered from the Target data breach."
He added, "We recommend eligible financial institutions do nothing. They will receive a fraction of their recovery automatically under Visa's Global Account Compromise Recovery program, which does not require a release of claims. Financial institutions should not accept the optional Alternative Recovery Offer that requires signing a release. Financial institutions that have already agreed to an Alternative Recovery Offer should carefully reconsider their decision as the required release extinguishes all claims against Target."
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
