Target Settles Consumer Data Breach Class Action for $10 Million

On Thursday, just three months after a district court judge in Minnesota denied Target’s motion to dismiss the consumer class action following the retailer’s massive 2013 data breach, the court granted preliminary approval of a $10 million settlement agreement requested jointly by Target and the consumer plaintiffs. Settlement funds will be distributed in a claims-made process run by a settlement administrator, with a cap of $10,000 per victim. Unclaimed funds will not revert back to Target, but instead will be split among all breach victims who submit claims. Class plaintiffs have also requested a whopping $6.75 million in attorney’s fees. The district court will have to approve plaintiffs’ fee request, which is disproportionately large at 67.5 percent compared to typical settlements, which hover around 33 percent.

The settlement also requires certain governance and internal control changes, some of which harken back to Federal Trade Commission-mandated consent decrees. The settlement requires Target to increase security protocols through a variety of initiatives, including appointing a chief information security officer to oversee the company’s global information security program. The company must maintain a program that identifies internal and external security risks to shoppers’ personal information, have a written information security program and provide security training to its employees. These security measures are not as conciliatory as they sound, however. Most of these requirements were likely already in place following the breach.

Before consumers start planning their next shopping spree with their settlement funds, they should be warned: it will not be as easy as it may seem to get a payout. Under the terms of the proposed settlement, the burden of proof lies with the plaintiff. Thus, claims would be based on whether plaintiffs can show they have suffered at least one of the following:

  • unauthorized, unreimbursed credit card charges
  • time spent dealing with unauthorized charges
  • costs to hire someone to help correct credit reports
  • higher interest rates
  • loss of access to funds
  • fees paid on accounts or
  • credit-related costs, such as credit monitoring or purchasing credit reports.

The bulk of provable damages would fall under the first category. However, many cardholders have been reimbursed by their card issuers for the fraudulent charges and therefore will be unable to recover twice. These card issuers have filed their own, separate class action lawsuit against Target, and the company’s motion to dismiss that suit was also denied. Many speculate that the potential strength of the claims by the financial institutions in that suit, who bore the bulk of the damages from reimbursing their cardholders for the fraudulent charges, was a driving force in Target’s settlement of the consumer claims. Target’s swift settlement was also likely fueled by obtaining a relatively low settlement amount. The cost of a large data breach settlement not involving medical records is typically around $1 per class member. Target’s $10 million payout to an estimated 110 million class members is well below that. In addition, an early settlement cuts Target’s hemorrhaging ongoing litigation and data breach response costs; this settlement amount does not hold a candle to the $252 million that the company has spent thus far in responding to the breach.

Class members have until July 31 to opt out of the class, and the final settlement approval hearing is set for November 5, 2015. It remains to be seen whether Target will, or can, settle its other suit with the financial institutions.

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Akin Gump Strauss Hauer & Feld LLP | Attorney Advertising

Written by:

Akin Gump Strauss Hauer & Feld LLP
Contact
more
less

Akin Gump Strauss Hauer & Feld LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.