Court rules against Target in 2013 data breach case

Target Corp. cannot recover from Chubb Ltd. units the settlements it paid to banks in connection with a 2013 data breach, a federal district court ruled Monday.

The Minneapolis-based retailer was the target of a computer breach that exposed the payment card information of some 110 million customers in December 2013.

It filed suit against Chubb Ltd. units in federal district court in St. Paul in November 2019, charging the insurer improperly refused to indemnify it for part of the costs it incurred in connection with the data breach. The suit asked to recoup up to the $74 million in costs that Target incurred.

The focus of the litigation is a policy provision for “ultimate net loss” because of “bodily injury or “property damage,” according to Monday’s ruling in Target Corp. v. ACE American Insurance Co., et al.

“Target’s theory seems to be that, because the payment cards allegedly lost their use and Target resolved the Payment Card Claims by paying a settlement, the settlement of that liability necessarily constitutes damages because of a loss of use,” the ruling said.

The record “is devoid of any allegation of evidence as to what the value of the use of the payment cards is, either to Target’s customers or to the payment card companies. And as the value of the use is not established or even approximated … damages cannot be ‘based on’ the loss of use,” the ruling said.

“Target has not established a connection between the damages incurred for settling claims related to replacing the payment cards and the value of the use of those cards, either to the payment-card holders or issuers,” the ruling said in granting the insurers’ motion for summary judgment.

The insurers in the case are Chubb units ACE American Insurance Co. and ACE Property & Casualty Insurance Co.

Target and insurer attorneys did not return requests for comment.