As a Result of the 2013 Breach, Target Sues its Insurer

Data breaches saw more of a spotlight in 2019 as hackers accessed more than 7.9 billion consumer records by this past fall alone. This chilling number illustrates the reality that individuals and companies alike are facing, that cybersecurity should be at the forefront of everyone’s mind.

But while 2019 may have been the year of the cyber breach, these attacks are nothing new. In fact, back in 2013, retail giant Target was hit with a multi-million-dollar breach. Now, Target is suing its insurer, Chubb, for denying claims to reimburse the retailer for tens of millions of dollars it has paid out for new payment cards as part of settlements.

The lawsuit, against ACE American Insurance Co., part of the Chubb Corp., was filed recently in U.S. District Court in Minnesota where Target is based.

The Lawsuit

In the lawsuit, Target explains that it has paid out a total of $138 million to consumers, including attorneys’ fees, to banks to take care of claims related to the data breach from six years ago. In this situation, some costs could be offset by cyber risk services and more comprehensive insurance coverage, but the size and scale of the breach and its effects have a wide reach. Some of the costs were paid or reimbursed by insurers involved, but Target noted that at least $74 million that it paid to settle the claims over the costs of replacing payment credit cards has not been approved by insurers.

These costs should have been covered by Target’s general liability policy with ACE because the policy outlines property damage sa including loss of tangible property that is not physically injured, like credit cards attached to paying customers.

Instead, Target has been held liable for the loss of payment cards that were not injured. This issue has been volleyed back and forth by Target and ACE for the last year without any progress.

Opening the Floodgates

The breach on Target was a massive cover story when it hit more than half a decade ago. But since then, millions more dollars and consumers have been affected by similar breaches that have uncovered millions of personal data points, such as payment information, insurance coverage, bank account info, and more.

Since then, banks have been directed to dedicate major resources to cancelling and reissuing physical payment cards, like Target’s ordeal. The costs related to something like this include the cost of producing the card itself, mailing them out to consumers, or reissuing a new card altogether.

In response to this issue, banks began suing Target for their own losses of having to reproduce and reissue cards. In January 2014, Target began its correspondence with its insurance provider, ACE, when lawsuits from customers and banks started rolling in. However, ACE was slow to accept its responsibility for the issue.

Going further, Target noted that it reached a settlement in a class-action suit that banks brought against it in 2016, amounting to about $58 million, on top of more confidential settlements reached with card companies, including Visa, MasterCard, American Express, Discover, and individual banks.

Altogether, Target has paid out about $292 million in expenses associated to its single breach six years ago.

About Connected Risk Solutions

At Connected Risk Solutions, we use our expertise and experience to provide insurance information and programs to those who serve long-term care and senior living facilities. Since 2007, we’ve been offering insurance and risk management plans designed to help our agents give their clients the ability to achieve continued growth while simultaneously protecting against loss, containing costs and increasing profitability. To learn more, contact us at (877) 890-9301.