Target avoids litigation in the wake of the 2013 cyberattack that exposed the names and credit card numbers of 40 million customers.
(TNS) --The Securities and Exchange Commission decided not to penalize Target Corp. for the 2013 cyberattack that led to the exposure of millions of customers’ data, the company said Tuesday.
The agency was one of several governmental entities to investigate the retailer in the wake of the attack, one of the largest against a U.S. company.
In its quarterly results document, filed with the SEC and published by the agency on the Internet for investors to see, Target said the investigation ended during the May-to-July period. It said the SEC “does not intend to recommend an enforcement action against us.”
That removes one potential liability for Target over the data breach. The company continues to be under investigation from state attorneys general and private litigators over the episode and may face costs from penalties or settlements tied to them.
In November 2013, cyberthieves accessed point-of-sale terminals in hundreds of Target stores and, for three weeks before being caught, were able to download the credit card number and names of about 40 million people who made purchases. As a result, millions of people canceled credit cards or asked issuers for new ones. The retailer saw a brief, but significant dip in sales during the 2013 holidays.
In Tuesday’s filing, the company said it now estimates paying $264 million in breach-related costs, ranging from litigation claims to the expenses it experienced for fixing systems and sending out information at the time of the attack. That’s up from its previous estimate of $252 million. About $90 million has been covered by Target’s insurers.
While it faced hundreds of lawsuits in the months after the breach, they were consolidated into three main tracks of litigation. One track, a group of lawsuits in which consumers are plaintiffs, was settled for $10 million earlier this year.
On another track are four claims brought by each of the four big credit card companies on behalf of banks and other institutions that issue their respective cards. Last week, Target and Visa Inc. agreed to settle the Visa-related claim for $67 million. “With respect to the three major payment card networks other than Visa, we think it is probable that our disputes would lead to settlement negotiations,” Target said in Tuesday’s filing.
Earlier this year, a settlement that Target had negotiated with MasterCard Inc. for $19 million fell apart when it was rejected by issuers of MasterCard. And a group of attorneys has filed a lawsuit seeking class action status on behalf of card issuers that may result in a legal process apart from the negotiations with the credit card companies. A hearing on that suit is scheduled for next month in a Minneapolis court.
On yet another track is a suit brought in Canada that was dismissed but is being appealed.
©2015 the Star Tribune (Minneapolis) Distributed by Tribune Content Agency, LLC.
Looking for the latest gov tech news as it happens? Subscribe to GT newsletters.