Target reaches settlement with Visa related to massive 2013 data breach

NEW YORK – Target has reached a deal to pay up to $67 million to settle Visa claims related to a massive 2013 data breach that resulted in the theft of millions of debit and credit card numbers.

Both Target Corp. and Visa Inc. confirmed the agreement Tuesday, but wouldn’t put a dollar amount on the deal. A person familiar with the situation said the agreement is worth up to about $67 million in pre-tax payments to Visa and the financial institutions that issued the potentially affected cards.

The breach of Target’s computer systems compromised 40 million credit and debit card accounts. The hackers also stole the personal information, including names and addresses, of as many as 70 million people, putting them at risk of identity theft.

Related: Judge OKs $10 million settlement of class action lawsuit over Target Corp. data breach

The personal data of a number of Canadian shoppers was also compromised, although Target said at the time that they represented “well under” one per cent of the total.

Unlike a $19-million agreement between Target and MasterCard Inc. that fell apart in May, this deal isn’t in danger of failing due to a lack of support from affected banks and credit unions.

The Minneapolis retailer said Tuesday that the issuers of a majority of the cards that were compromised in the breach have entered into direct settlements with Target and Visa, giving the two companies the green light to make a larger deal.

Related: Fewer small businesses buying cyber liability insurance since Target breach

Charles Zimmerman, a lawyer for a group of banks that are suing Target over breach-related losses, called the settlement another attempt by the retailer to avoid fully reimbursing card issuers. His group is asking for class-action status and has a hearing scheduled for Sept. 10.

Target disclosed the breach on Dec. 19, 2013, the peak of the holiday shopping season. Shoppers, fearing for the security of their private data, avoided Target stores. The fallout negatively affected sales for months.

Related: Target CEO Gregg Steinhafel resigns as fallout from massive data breach continues

The breach was a major factor behind the abrupt departure of its CEO Gregg Steinhafel last year.

The incident pushed banks, retailers and card companies to speed the adoption of microchips in U.S. credit and debit cards. Chip cards are safer because, unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, they use a one-time code that moves between the chip and the register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards are also nearly impossible to copy, experts say.

Target overhauled some of its divisions that handle security and technology. The company has also been upgrading its cash registers so they can accept chip cards in its nearly 1,800 stores.

Shares of Target, which is set to release to release its second-quarter results before the markets open Wednesday, rose $1.32, or 1.7 per cent, to $80.30 Tuesday. Visa shares rose 6 cents to $74.47.