NAFCU statement in response to final judgment creating $59 million tab in Target settlement with financial institutions

WASHINGTON, DC (May 18, 2016) — National Association of Federal Credit Unions (NAFCU) Executive Vice President of Government Affairs and General Counsel Carrie Hunt issued the following statement in response to final judgment from Target Corp. with financial institutions based on the retailer’s massive data breach in 2013. Combined with the attorneys’ fees, the settlement creates approximately $59 million in overall monetary class benefits.

“In the nearly three years since Target’s huge data breach, consumers remain extremely susceptible to cyberattacks” said Hunt. “We continue to urge Congress to protect consumers’ financial information by enacting national data security standards for retailers and holding them directly accountable for their data breaches.”

“Much more needs to be done to protect consumers and make credit unions whole,” Hunt continued. “Litigation is not the answer and it is a poor substitute for much-needed data security standards for retailers.”

The parties had previously reached a $39M settlement agreement on or about December 1, 2015 to resolve the dispute.  This is the first case in which financial institutions have obtained class certification and a settlement against a retailer that suffered a data breach.

The Target suit entered final judgment which approves:

  • The class action settlement reached between Target and the Financial Institutions Plaintiffs;
  • Grants Financial Institutions Plaintiffs’ Motion for Attorney’s Fees and awards fees in the amount of $19,900,000.00;
  • Approves a Service Payment to each Settlement Class Representative in the amount of $20,000.00; and
  • Dismisses the case with prejudice.

The 2013 Target breach exposed approximately 40 million credit and debit cards to fraud. The full cost of the breach to financial institutions still remains to be determined. Target also said personal data, such as email addresses and phone numbers, for as many as 110 million persons was also stolen.

The settlement goes to financial institutions, including one credit union, whose payment cards were at risk in the breach at Target.

Credit unions and other financial institutions already protect consumers’ personal data under the provisions of the 1999 Gramm-Leach-Bliley Act (GLBA). Unfortunately, there is no comprehensive regulatory structure similar to GLBA for other entities, such as retailers, that handle sensitive personal and financial data. NAFCU urges support for H.R. 2205/S.961, the Data Security Act of 2015. Introduced by Representatives Rep. Randy Neugebauer, R-Texas, and Rep. John Carney, D-Del., and Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., respectively. The bipartisan bill would set a national data security standard for retailers akin to GLBA while acknowledging financial institutions existing adherence to GLBA standards.

NAFCU was the first financial trade organization to call for national data security standards for retailers, and it continues to push for legislative action on Capitol Hill.


The National Association of Federally-Insured Credit Unions is the only national trade association focusing exclusively on federal issues affecting the nation’s federally-insured credit unions. NAFCU membership is direct and provides credit unions with the best in federal advocacy, education and compliance assistance. For more information on NAFCU, go to or @NAFCU on Twitter.


Bobby Grant
Associate Director, Media Relations & Communications
National Association of Federally-Insured Credit Unions
3138  10th Street North
Arlington, VA 22201-2149
d: (703) 842-2230 c: (631) 565-9678 |

More News