Will Target’s Data Breach Paint a Bullseye on Its Partners’ Backs?

Source: Kevin Dooley / Flickr

Target’s (NYSE:TGT) security breach drama continues, and unfortunately for its partners, it doesn’t look like the retailer is going down alone. The Minneapolis, Minnesota-based company is still in the process of investigating its large-scale security breach that compromised about 40 million payment cards and the information of about 70 million Target customers, but now people who have reviewed past data thefts are predicting that Target’s partners will also get implicated in its drama, too. Target employs many partners that help the retailer process payments, and these companies could also face millions of dollars in fines and costs resulting from their part in the data breach.

According to ReutersJamie Pole, a cyber security consultant who works for government agencies and the financial industry, explains that Target’s partners “have deep pockets and are intimately involved in certain aspects of how Target gets paid.” That’s why they could face fines and settlement costs that could total up to million of dollars for individual companies.

Many fail to realize that several companies are involved in every transaction at a Target store, and Reuters explained Tuesday that although shoppers hand their cards to Target employees when they are making their purchases, a separate organization known as the “merchant acquirer” actually handles the payment for the store when the card is swiped, and that’s where they get implicated in the process. Also in addition to the merchant acquirer, there is the bank that issues the consumer’s payment card, and companies such as Visa (NYSE:V) and Mastercard (NYSE:MA) that operate the networks over which the payment request and confirmation are sent.

Thus, it is clear that Target’s transactions aren’t as cut-and-dried as many people may like to think, that’s why Boston attorney Cynthia Larose of Mintz Levin said Tuesday, “This class-action lawsuits start to bring everyone in at some point.” According to Reuters, Larose believes that Target will seek to add its partners as defendants to lawsuits already filed over the breach, and a research note by Robert W. Baird & Co analysts said that the merchant acquirer used by Target for credit and debit card transactions is Bank of America Merchant Services, a joint venture of Bank of America Corp (NYSE:BAC) and KKR & Co’s (NYSE:KKR) First Data Corp.

As Target moves forward with its lawsuits in court, it is possible that the retailer will follow the lead of other companies that have already navigated similar data theft problems. One such retailer is TJX Companies (NYSE:TJX), as the company’s systems were invaded by hackers in the mid-2000s, and its security breach remains the only one more disastrous than Target’s. In TJX’s case, Reuters reports that it agreed to pay up to $40.9 million to cover fraud costs in a settlement with Visa after Visa issued penalties of $880,000 against Fifth Third Bancorp (NASDAQ:FITB) of Ohio, the merchant acquirer for TJX. As of now, it is still unclear how Target will proceed, but analysts predict that the retailer could follow the same course that TJX did.

Nonetheless, both Target and its partners are remaining quiet over what fees and penalties they are expecting to field in court, and one company which has been identified as processing transactions for Target customers, Vantiv Inc of Cincinnati, says that it expects “no impact from the breach.”