Target data breach could be costly for payment partners
By Ross Kerber
BOSTON (Reuters) - Companies that help Target Corp process payments could face millions of dollars in fines and costs resulting from the unprecedented data breach that struck the retailer over the holiday shopping season.
Investigators are still sorting through just how thieves compromised about 40 million payment cards and the information of about 70 million Target customers. But people who have reviewed past data breaches believe Target's partners could face consumer lawsuits and fines that payment networks such as Visa Inc and MasterCard Inc often levy after cyber security incidents.
Target's partners "have deep pockets and are intimately involved in certain aspects of how Target gets paid," said Jamie Pole, a cyber security consultant in Asheboro, North Carolina, who works for government agencies and the financial industry.
Fines and settlement costs could reach into the millions of dollars for individual companies, he said, though much will depend on how the ultimate liability for the breach is determined.
Boston attorney Cynthia Larose of Mintz Levin said Target would likely seek to add its partners as defendants to lawsuits already filed over the breach. "These class-action lawsuits start to bring everyone in at some point," she said.
After its systems were penetrated by hackers in the mid-2000s, retailer TJX Companies Inc agreed to pay up to $40.9 million to cover fraud costs in a settlement with Visa. Visa also issued penalties of $880,000 against Fifth Third Bancorp of Ohio, which processed transactions for TJX.
Asked about the business relationships and possible costs, Target spokeswoman Molly Snyder declined to comment, citing the ongoing investigation and pending suits. A Visa spokeswoman declined to comment. A MasterCard spokesman said the company could not discuss an ongoing investigation.
HANDLING TARGET TRANSACTIONS Continued...