A $19 million deal between Target and MasterCard to settle lawsuits stemming from the retailer's massive pre-Christmas 2013 data breach has been scrapped, because it failed to get enough support from the affected banks and credit unions.
While the rejection sends the companies back to the drawing board, advocates for the financial institutions said they were pleased, claiming that the settlement would have provided compensation for just a fraction of the losses.
Under the settlement announced last month, Target Corp. agreed to set aside $19 million for banks and credit unions that had issued MasterCards swept up in the breach that compromised 40 million credit and debit card accounts between Nov. 27 and Dec. 15, 2013.
Banks and credit unions would have been able to use the money to cover operating costs and fraud-related losses stemming from the breach. But the settlement needed 90 percent of the issuers to accept the offer in order for it to go into effect.
MasterCard Inc. would only say Friday that not enough issuers approved the deal. It would not reveal exactly how close it got to the 90 percent threshold.
"At this stage, we will continue to work to resolve the matter," the company said in a statement.
Minneapolis-based Target confirmed that it had been notified by MasterCard of the development and declined further comment.
Lawyers for banks that had sued Target over breach-related losses called the settlement an attempt by Target to "extinguish pending legal claims for pennies-on-the-dollar."
Lead attorneys Charles Zimmerman and Karl Cambronne said in a statement that they will continue to push for "proper compensation" for their clients.
The National Association of Federal Credit Unions also on Friday issued a statement calling for full compensation for its affected members.
Target disclosed the massive breach on Dec. 19, 2013 during the peak of the holiday shopping season. The disclosure rattled shoppers who avoided the retailer, fearing for the security of their private data. That hurt profits and sales for months.
The breach also pushed banks, retailers and card companies to increase security by speeding the adoption of microchips in U.S. credit and debit cards. Supporters say chip cards are safer, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer's register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards are also nearly impossible to copy, experts say.
Target overhauled some of its divisions that handle security and technology. The company has also been upgrading its cash registers so they can accept chip cards in its nearly 1,800 stores. The breach was also a major factor behind the abrupt departure of its CEO Gregg Steinhafel in May 2014.