Target Corp. agreed to pay more than $39 million to banks and credit unions for losses from a 2013 holiday-season data breach that led to the exposure of as many as 40 million payment cards.
The financial institutions sued the Minneapolis-based retailer to recover an estimated $200 million in costs stemming from the hack. Expenses included issuing replacement cards.
In a memorandum filed Wednesday describing the agreement, lawyers for the banks and credit unions said Target will contribute more than $20 million to a general settlement fund and more than $19 million to a separate recovery program handled by MasterCard Inc.
“This settlement is a strong and important result for those financial institutions that sustained losses as a result of the Target data breach, providing compensation well beyond what the card brand networks offered,” Charles Zimmerman, a lawyer for the financial institutions, said in a statement.
Target spokeswoman Molly Snyder said the retailer is “pleased that the process is continuing to move forward.”