Neiman Marcus Settles Data Breach Consumer Class Action For $1.6 Million

King & Spalding
Contact

On June 21, 2017, the U.S. District Court for the Northern District of Illinois entered an order granting preliminary approval of a $1.6 million class action settlement between Neiman Marcus and a class of its customers whose payment card information was exposed in a 2013 data breach.   See Remijas v. Neiman Marcus Group, LLC, No. 1:14-cv-01735, Doc. 154 (N.D. Ill., June 21, 2017). The case involves claims against Neiman Marcus arising out of a cybersecurity intrusion that exposed the payment card data of approximately 370,385 individuals who used a payment card at a Neiman Marcus store while malware was installed in the retailer’s computer system.

In January 2014, Neiman Marcus announced a data breach potentially compromising the payment card information of certain Neiman Marcus customers.  Shortly thereafter, Hilary Remijas filed suit in federal district court on behalf of a purported class of Neiman Marcus customers, asserting claims against Neiman Marcus for negligence, breach of implied contract, unjust enrichment, invasion of privacy, and violations of state consumer laws and state data breach statutes. 

In September 2014, the district court dismissed the case based on the plaintiff’s lack of Article III standing, but the U.S. Court of Appeals for the Seventh Circuit reversed the dismissal and revived the case in July 2015, holding that the risk that the plaintiff’s personal data would be misused by the hackers was a sufficiently concrete injury to provide the plaintiff’s standing.  On remand from the Seventh Circuit, the district court denied Neiman Marcus’s renewed motion to dismiss on January 13, 2016.  The settlement was announced in March and preliminarily approved by the district court last week.

In exchange for a release of all claims stemming from the data breach, Neiman Marcus has agreed to create a $1.6 million settlement fund to pay class members who used a debit or credit card at a Neiman Marcus store on a date that malware was operating in that store.  Each class member is eligible to receive up to $100 from the settlement fund.  To be eligible to receive settlement funds, class members are only required to submit information sufficient to demonstrate that their payment card data was exposed, not that they incurred any fraudulent charges.  The settlement agreement also includes the parties’ agreement to an award of attorneys’ fees and expenses no greater than $530,000.  The final approval hearing is scheduled to occur on October 26, 2017.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© King & Spalding | Attorney Advertising

Written by:

King & Spalding
Contact
more
less

King & Spalding on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.