The Target Board can breathe a little easier today – although they are not out of the woods yet – in that the shareholders who filed a series of derivative actions have agreed that the cases can be dismissed as long as they can come back for legal fees.
The lawsuits claim that Target’s directors and officers breached their fiduciary duties and committed gross mismanagement, waste of corporate assets and abuse of control.
After the breach, Target formed a Special Litigation Committe (SLC) to investigate shareholder claims. I assume the objective of the shareholders is to obtain a verdict in their favor and use the $60+ million in D&O insurance to help make the company more whole.
The committee worked for 21 months, interviewed 70 witnesses and looked over thousands of documents. In the end, they produced a nearly 100 page report and recommended against suing their own directors.
The case reinforces the challenge of holding directors liable for breaches, but the fact that we are continuing to see derivative suits and that companies have to spend millions defending them should cause companies to pause. Target used up all of their cyber insurance long ago. The defense of this case may be covered by their D&O policy or possibly by the general liability policy.
From a financial perspective, this is a bit of a disaster. According to JD Supra, Target had a $100 million cyber policy with a $10 million deductible and a $50 million sub-limit for settlements with the payment card networks. So far, Target has settled with Visa for $67 million, with Mastercard for $19 million and has spent $291 million on breach related expenses. Target has not said exactly which pocket or pockets they plan to pay which expenses out of.
While Target has settled many of the more than 100 lawsuits, there are many left, including shareholder class actions, separate lawsuits filed in Canada, investigations by various State Attorney’s General and a look-see by the U.S. Federal Trade Commission.
Some industry sources say that the total losses – including lost profits – will reach $1 billion.
One should assume that, like with Anthem, when Target’s D&O and cyber policies come up for renewal, the current carriers will either decline to renew them or jack up the premiums. Anthem had to accept a $25 million deductible to get cyber insurance after their breach and then put together a consortium in order to get the coverage that they wanted.
Target joins Wyndham in beating shareholder derivative claims. There are still outstanding shareholder lawsuits against Home Depot.