Target Data Breach Settlement Falls Through


A proposed settlement between Target and MasterCard over the 2013 Target data breach has fallen through because an insufficient percentage of banks supported the deal, Reuters reports.

The agreement would have provided banks and credit unions that had sued Target in federal court with up to $19 million to settle claims, though they would have had to drop any further claims against Target.

The banks' lawyers had contended that the settlement with MasterCard, which wasn't a party to the lawsuit, was aimed at undercutting the banks' claims for damages. A federal judge rejected banks' efforts to block the settlement, but "expressed concerns about its fairness," according to Reuters.

However, the settlement required that banks that issued at least 90 percent of MasterCard accounts agree to it -- and that threshold wasn't reached.

The lead lawyer for the plaintiffs told Reuters in a statement, "We are pleased that financial institutions have resoundingly rejected Target and MasterCard's attempt to avoid fully reimbursing the losses suffered during one of the largest data breaches in U.S. history."

John Gunn, vice president of communications at VASCO Data Security, told eSecurity Planet by email that the failure of the settlement is a positive development overall. "When parties are held responsible for the losses they cause or could have prevented, they are more likely to act in an appropriate manner to safeguard valuable assets," he said.

"Banks have an incredibly high level of security and they are seldom victims of a breach -- this is a wake-up call for retailers to do the same for themselves and the third party vendors who have access to their systems," Gunn added.

And Proficio CEO Brad Taylor said by email that issues like these serve as a reminder of the major difference between being compliant and being secure. "Executives are realizing one does not equal the other," he said. "All the breached retailers of the past year were compliant and still got breached."

"A new paradigm for security monitoring, investigation, and immediate response is needed for detecting advanced multi-tiered attacks and blocking at some point in the kill chain before a breach occurs," Taylor added.

The Target breach has had a significant impact on cyber security awareness -- a recent survey conducted by the Ponemon Institute and sponsored by Identity Finder found that while just 13 percent of IT and IT security practitioners felt senior management was extremely concerned about the threat of a data breach prior to the Target breach, that number jumped to 55 percent following the Target breach.

"This study shows that organizations are dedicating greater attention and financial resources towards managing sensitive information and preventing data breaches, which is certainly encouraging news," Ponemon Institute founder and chairman Dr. Larry Ponemon said in a statement at the time.

"However, 2015 is predicted to be as bad or worse as 2014 as more sensitive and confidential data and transactions are targeted by attacks and collateral damage," Ponemon added.