Cost of Target Data Breach for Banks Tops $200M

Financial institutions’ bill for Target’s massive data breach keeps rising.

Costs related to the data theft have now exceeded $200 million for financial institutions, according to data collected by the Consumer Bankers Association and the Credit Union National Association.

The two trade associations said Tuesday that 21.8 million of the 40 million compromised credit and debit cards have been replaced.

The Consumer Bankers Association, which represents the nation’s largest financial institutions as well as many regional banks, estimated that the cost of card replacement for its members has reached $172 million, up from an initial finding of $153 million. The Credit Union National Association says the cost to credit unions has increased to $30.6 million, from an original estimate of $25 million.

The more than $200 million in costs doesn’t take into account any fraudulent activity, which would push the cost of the data breach to the industry higher, as consumers are not held liable.

Target Corp., based in Minneapolis, has said that 40 million credit- and debit-card accounts were affected by a data breach that happened between Nov. 27 and Dec. 15, just as the year-end shopping season was getting into gear. Hackers stole personal information — including names, phone numbers, and email and mailing addresses — from as many as 70 million customers as part of that hack.

The nation’s second-largest discounter is offering free credit-monitoring services for a year to those who had their data compromised.

When the final tally is in, Target’s breach may eclipse the theft at TJX, which was disclosed in 2007 and compromised more than 90 million records.