Target Sues Insurer Over Data Breach Costs

Target is suing its insurer for costs of up to $74M that were incurred as a result of a data breach.  

America’s eighth-largest retailer claims ACE American Insurance Co. failed to pick up the tab for issuing customers with new plastic payment cards after their existing cards were compromised in the November 2013 incident.

New cards had to be issued after a hacker installed software on Target’s computer network and gained access to the personal information of 60 million customers and the payment card information of 40 million customers in November 2013.

Target filed the lawsuit against Pennsylvania-based ACE, which is now part of Chubb Corp, on Tuesday in the US District Court in Minnesota.

Steve Durbin, Managing Director of the Information Security Forum, commented: “Cyber risk is unquestionably one of the biggest challenges facing the insurance industry today and the knock-on effect will be with us for some time as claimants continue to try to lodge claims on policies that were not specifically designed to cover all the intricacies of cyber risk.

“Insurance policies are traditionally written around past precedent and in such a fast-moving environment as cyber I expect to continue to see such cases arising where courts will be asked to set precedent in the absence of historical reference points.”

In total, the breach is reported to have cost Target about $292 million in expenses, of which roughly $90 million were offset by insurance.