(Reuters) - Target Corp has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer’s late 2013 data breach.
The settlement filed on Wednesday resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards.
Target previously said at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers. A Target spokeswoman said on Wednesday that 70 million people may have lost personal data.
The Minneapolis-based retailer has taken steps to avoid a recurrence, including being among the first U.S. retailers to install microchip-enabled card readers at all stores.
Wednesday’s settlement calls for Target to pay as much as $20.25 million to banks and credit unions, and $19.11 million to reimburse MasterCard Inc card issuers.
Target reached a similar accord with MasterCard in April, but it was rejected the next month when card issuers deemed the sum too low.
The settlement won preliminary approval from U.S. District Judge Paul Magnuson in St. Paul, Minnesota, who called it “fair, reasonable and adequate,” court records showed. A hearing on final approval was scheduled for May 10, 2016.
Earlier this year, Target agreed to pay Visa Inc card issuers as much as $67 million over the breach and reached a $10 million settlement with shoppers. The latter accord won court approval last month.
Last week, Target said it had spent $290 million related to the breach, and expected insurers to reimburse $90 million. It still faces shareholder lawsuits, as well as probes by the Federal Trade Commission and state attorneys general, over the breach.
Target spokeswoman Molly Snyder said the retailer was “pleased that the process is continuing to move forward.”
The latest settlement covers all financial institutions that issued payment cards put at risk by the breach, and which did not previously release their claims against Target.
Plaintiffs have included Umpqua Holdings Corp in Roseburg, Oregon; Mutual Bank in Whitman, Massachusetts; Village Bank in St. Francis, Minnesota; CSE Federal Credit Union in Lake Charles, Louisiana; and First Federal Savings of Lorain in Lorain, Ohio.
Trade groups representing banks and credit unions have estimated their members incurred more than $200 million of expenses related to the breach.
“Financial institutions should not always have to bear the burden of extensive costs related to merchant data breaches over which they have no control,” the plaintiffs’ lawyers, Charles Zimmerman and Karl Cambronne, said in a joint statement.
Target will also pay the plaintiffs’ legal fees, pending court approval, and will not appeal any sum of $20 million or less, court papers show.
Shares of Target closed down 88 cents, or 1.2 percent, at $71.93 on the New York Stock Exchange.
The case is In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.
Reporting by Jonathan Stempel in New York and Nandita Bose in Chicago; Editing by Chizu Nomiyama, Tom Brown and Peter Cooney