Target Is Restructuring
Target suffered a massive data breach in 2013 Reuters

A group of US banks and credit unions that suffered from the 2013 data breach at Target is seeking to block the proposed $19m (£12.6m, €17.7m) settlement between the retailer and MasterCard, claiming the amount is meagre as compared to actual costs and losses.

Lawyers for the plaintiffs filed a motion against the settlement in the US District Court of Minnesota, asking the court to issue a preliminary injunction to void the scheme and require class members to be notified of Target's and MasterCard's "misleading and coercive acts". The motion also seeks class action status.

The complaint reads the settlement was reached "without the involvement, review or approval of the court or the court-appointed counsel for the class of financial institutions".

"Target's 'settlement' with MasterCard conspires to extinguish the financial institutions' claims against Target for extremely low amounts, despite the fact that Target's direct exposure to the financial institutions is much greater than what MasterCard's ADC Program and Security Rules create," it says.

It adds: "The total losses actually suffered by card-issuing financial institutions are astronomically higher than the $19 million offered under the proposed settlement."

It also noted that the lead counsel would have asked to participate in the negotiations in the hope of obtaining a global settlement, or would have immediately brought this issue to the court if Target or MasterCard had disclosed to the lead counsel and the court that they were negotiating a settlement that would completely eliminate class action liability against Target.

The motion is scheduled to be heard in the federal court on 27 April.

Target earlier said the settlement covers costs that banks incurred to reissue credit cards and debit cards as a result of the breach, as well as some of the fraud that resulted from the exposure of customer information.

Security breach

Target discovered a major security breach in December 2013. Payment data from about 40 million credit and debit cards were stolen from Christmas shoppers at its stores over 19 days between 27 November and 15 December.

It has since been revealed that a further 70 million customer records with sensitive information such as names, telephone numbers and email addresses were also stolen.

The retailer is facing a number of lawsuits over the data breach, and its senior management was called before Congress to explain about the data breach and preventive measures undertaken to ensure customer security.