Login Register Subscribe
Current Issue

Target has $100M of cyber insurance, $65M of D&O cover: Sources

Reprints

Target Corp., which last month had a massive data breach that exposed the credit and debit card information of some 70 million customers, has at least $100 million of cyber insurance, including self-insured retentions, and $65 million of directors and officers liability coverage, according to insurance industry sources.

These well-placed sources, who requested anonymity, said Minneapolis-based Target is self-insured for the first $10 million of cyber coverage. On top of that, there's additional cyber insurance through: $15 million of excess coverage with Ace Ltd.; then a $15 million layer with American International Group Inc.; a $10 million layer with Bermuda-based Axis Capital Holdings Ltd.; another $10 million coverage layer with AIG; then a quota share for the next $40 million of cyber insurance divided among four unidentified insurers.

To protect against executive liability, the third-largest U.S. retailer has a $10 million self-insured retention, followed by $25 million in primary D&O coverage with AIG, followed by an additional $15 million of coverage with Ace, then $15 million of coverage with the Hartford, Conn.-based based Travelers Cos. Inc.

On Tuesday, a Target spokeswoman said in an email that the company had no additional details to share. A Travelers spokeswoman said in a statement the insurer cannot confirm whether anyone is a client. An Ace spokeswoman said in a statement: “As a matter of company policy and confidentiality, we do not comment on specific claim incidents and cannot confirm or deny coverage with any particular company.'' AIG declined to comment. An Axis representative could not be reached for comment.

Initially, Target on Dec. 19 said the data breach during three weeks of the recent holiday shopping season affected 40 million customers. Then last week, the retailer said its investigation showed the breach was worse than anticipated and involved the theft of financial information of 70 million customers. That personal information, the retailer said, included PIN data embedded in customers' credits cards.

Target said its customers will have no liability for fraudulent charges resulting from the data breach. The breach has triggered state and federal investigations, as well as several lawsuits against Target.