Nearly 18 months after it was first discovered, Target is once again resolving one of the legal issues stemming from the headline-grabbing holiday data breach.
This time, it's with MasterCard.
Target will pay out up to $19 million to the credit card company, the Minneapolis-based retailer announced Wednesday evening.
Well as USA Today explains, the money is for MasterCard to cover costs it got stuck with as a result of Target's data breach – whether it was replacing compromised cards, or paying for fraudulent purchases.
In a statement, MasterCard official Eileen Simon called it a “reasonable resolution of the Target data breach event.”
Reuters notes Visa credit cards are not included, as Target is in negotiation with them separately.
The breach, revealed during the winter holiday shopping season of 2013, resulted in 40 million payment cards being compromised.
For this case, the settlement answers a question many were wondering about in the wake of the breach: Who should pay the cost of issuing new credit cards and covering fraudulent purchases – the company that was breached, or the credit card issuers?
There are still some smaller hurdles – a certain number of MasterCard issuers have to accept the settlement by May 20.
It comes just a month after Target reached a settlement in the class-action lawsuit filed by customers who were affected by the breach.
A $10 million fund will be established for victims of the breach who can prove they suffered monetary losses. Each victim will be eligible for up to $10,000 compensation.