Newsroom

Reports said Target Corp. confirmed Tuesday that it reached an agreement with Visa Inc. that will reimburse card issuers as much as $67 million for costs they incurred from the retailer's massive 2013 data breach.

Carrie Hunt, NAFCU's senior vice president of government affairs and general counsel, called that a step in the right direction, but she said more needs to be done.

"We continue to urge Congress to act to protect consumers' financial information by enacting national data security standards for retailers and holding them directly accountable for their data breaches," Carrie Hunt, NAFCU's senior vice president of government affairs and general counsel, said in a statement.

As to this settlement, she said it "may be a start, but much more needs to be done to make credit unions whole. Credit unions deserve to be fully compensated for their losses."

The 2013 Target breach exposed some 40 million credit and debit cards to fraud. The Wall Street Journal (subscription required) reports that banks and credit unions, based on trade association estimates, spent more than $350 million to reissue cards and address other issues related to this breach and another at Home Depot.

The deal comes three months after issuers rejected a $19 million settlement proposed by Target and MasterCard. It is based "on a condition that a subset of Visa card issuers entered into direct settlements with Target and Visa," Reuters reported.

The settlement satisfies the maximum amount set by Visa under its rules, but it does not necessarily make financial institutions whole, Brandy Bruyere, NAFCU's senior regulatory compliance counsel, noted.

NAFCU will provide more information to members as it becomes available.