Target has $100 million of cyber insurance and $65 million of D&O coverageReprints
Target Corp., which last month had a massive data breach that exposed the credit and debit card information of some 70 million customers, has at least $100 million of cyber insurance, including self-insured retentions, and $65 million of directors and officers liability coverage, according to insurance industry sources.
These well-placed sources, who requested anonymity, said Minneapolis-based Target is self-insured for the first $10 million of cyber coverage. On top of that, there's additional cyber insurance through: $15 million of excess coverage with Ace Ltd.; then a $15 million layer with American International Group Inc.; a $10 million layer with Bermuda-based Axis Capital Holdings Ltd.; another $10 million coverage layer with AIG; then a quota share for the next $40 million of cyber insurance divided among four unidentified insurers.
To protect against executive liability, the third-largest U.S. retailer has: a $10 million self-insured retention; followed by $25 million in primary D&O coverage with AIG; followed by an additional $15 million of coverage with Ace; and then $15 million of coverage with the Hartford, Conn.-based based Travelers Cos. Inc.
On Dec. 19, Target said the data breach, during three weeks of the recent holiday shopping season, affected 40 million customers. Then on Jan. 10, the retailer said its investigation showed the breach was worse than anticipated and involved the theft of financial information of 70 million customers. That personal information, the retailer said, included PIN data embedded in customers' credits cards.
Target said its customers will have no liability for fraudulent charges resulting from the data breach. The breach has triggered state and federal investigations, as well as several lawsuits against Target.
Target declined to comment on its cyber and D&O insurance coverage. A Travelers spokeswoman said in a statement the insurer cannot confirm whether anyone is a client. An Ace spokeswoman said in a statement: “As a matter of company policy and confidentiality, we do not comment on specific claim incidents and cannot confirm or deny coverage with any particular company.'' AIG declined to comment. An Axis representative could not be reached for comment.