Though it may be summer before card issuers see any money,Wednesday's news of a $39 million settlement between Target andfinancial institutions affected by its 2013 data breach likelysignaled the end of a two-year legal saga that allegedly began when a Target refrigeration vendor employee openeda phishing email.

In an interview with CU Times, co-lead plaintiffs'counsel Karl Cambronne of Chestnut Cambronne PA said notice of thesettlement and instructions will go out to financial institutionsthis month. At least 7,000 financial institutions and 20,000 seniorexecutives could receive the notice, according to court documentsfiled Wednesday.

Cambronne said the timing of the settlement was due in part tothe stage the case was in.

“We had gone through, essentially, discovery,” he said. “We'dtaken dozens of depositions; hundreds of thousands of documents hadto be viewed. We think we have a pretty darn good case – and Targetwould dispute that – but in any event, at some point generallypeople think, 'Is there a way to get this behind us?' And that timehad come.”

On Wednesday, a Minnesota District Court gave preliminaryapproval to the settlement, which includes up to $20,250,000 formembers of the class action and the settlement administrator, plus$19,107,939 for MasterCard's Account Data Compromise program. Thatmoney is over and above what issuers may receive from MasterCard'sADC recovery program or Visa's Global Compromise Account Recoveryprogram, according to court documents.

The amount is also about twice Target's proposed $19 millionsettlement with MasterCard earlier this year. That deal failed toachieve a 90% participation rate from card issuers and died inMay.

However, the money from the new settlement won't start flowingback to financial institutions until a judge gives final approval.That hearing is scheduled for May 10, 2016.

“We were hoping it would be April or even maybe March, but it'snot,” Cambronne said.

By May, though, all the claims should be calculated, henoted.

“It'll be sometime in mid-2016 when people get their money,” hesaid.

However, the portion of the settlement earmarked for theMasterCard ADC program will likely be paid out by year-end,Cambronne noted.

Village Bank President Randy Diers, who runs one of the fivefinancial institutions that originally formed what eventually became the class-action suit against Target,expressed his support for the settlement.

“While we wish the Target data breach had never occurred, wefelt obligated to represent the class of financial institutionsthroughout the United States,” Diers said in a statement. “Thissettlement represents the best possible outcome for financialinstitutions, as it provides immediate and fair compensation andwill hopefully help prevent the occurrence of similar data breachesin the future.”

NAFCU Senior Vice President of Government Affairs and GeneralCounsel Carrie Hunt weighed in as well.

“In the two years since Target's huge data breach, consumers arestill extremely vulnerable to cybercriminals during yet anotherholiday shopping season,” Hunt said. “We continue to urge Congressto act to protect consumers' financial information by enactingnational data security standards for retailers and holding themdirectly accountable for their data breaches.”

Hunt continued, “Much more needs to be done to make creditunions whole. Member-owned credit unions deserve to be fully compensated.”

Members of the class-action suit can object to the settlement,Cambronne said, but he noted, “I am going to be shocked if there'sany meaningful statement to that effect.”

Credit unions can also choose to opt out of the settlement, inwhich case they may be able to sue Target individually, hesaid.

“If Bank X from small-town America thinks, 'I can do better bysuing them alone,' they have that right,” he explained.

Nonetheless, the case marks a legal first, Cambronne said.

“This is the first time ever in the history of Americanjurisprudence that banks have been able to recover their lossesfrom a data breach,” he said. “Data breaches are maybe part of thefabric of our culture going forward; hopefully technology's goingto be such that this will be a rare occurrence moving forward. Butit feels good to know that for the first time ever, banks have beenable to recover in these types of cases.”

He added, “This puts the period on the sentence for Target.Target can go forward and do what it's designed to do; that is, bea retailer for America. They do a good job at that, and we wishthem well.”