Target Is Restructuring
Target suffered a massive data breach in 2013 Reuters

A $19m (£12.2m, €17.1m) settlement agreed between Target and MasterCard to reimburse financial institutions that suffered from a massive data breach at the US retailer in 2013 has fallen through.

MasterCard said the proposed agreement that required the approval by at least 90% of the affected banks did not receive the needed support. It confirmed that fewer than 90% of the financial institutions accepted the offer; therefore, it will not become effective.

A group of US banks and credit unions earlier sought to block the proposed settlement, filing a motion against the settlement in the US District Court of Minnesota.

The motion claimed the amount is meagre as compared to actual costs and losses and asked the court to issue a preliminary injunction to void the scheme and require class members to be notified of Target's and MasterCard's "misleading and coercive acts".

The court rejected the attempt to block the settlement, but expressed concerns about its fairness, stating that "the terms of the settlement do not appear altogether fair or reasonable" and that it may not "pass the smell test".

"We are pleased that financial institutions have resoundingly rejected Target and MasterCard's attempt to avoid fully reimbursing the losses suffered during one of the largest data breaches in US history," said Charles Zimmerman of Zimmerman Reed PLLP and Karl Cambronne of Chestnut Cambronne PA, the lead lawyers for the plaintiffs.

"Financial institutions clearly saw through Target's misleading statements and efforts to extinguish pending legal claims for pennies-on-the-dollar. We will continue working to hold Target accountable and ensure that all affected financial institutions receive proper compensation for losses resulting from this data breach."

Target discovered a major security breach in December 2013. Payment data from about 40 million credit and debit cards were stolen from Christmas shoppers at its stores over 19 days between 27 November and 15 December.

It has since been revealed that a further 70 million customer records with sensitive information such as names, telephone numbers and email addresses were also stolen.

The retailer is facing a number of lawsuits over the data breach, and its senior management were called before Congress to explain about the data breach and preventive measures undertaken to ensure customer security.

In March, Target agreed a $10m settlement with customers hit by the data breach.