Thursday, April 9, 2015 - A proposed settlement that would see Target Corp pay $10 million to settle lawsuits stemming from a massive 2013 data breach perpetrated against the retail company has been given preliminary approval by the federal judge overseeing the multidistrict litigation. Though the judge was pleased with the actions taken thus far by Target, plaintiffs are arguing that the proposed $10 million award will not adequately reimburse the more than 100 million customers affected by the data breach.
27 separate lawsuits from 18 federal districts relating to the data breach were transferred into multidistrict litigation before the U.S. District Court of Minnesota and District Judge Paul A. Magnuson on April 2, 2014. The original data breach took place during the heart of the holiday shopping season in 2013 between November 27 and December 15, with more than 40 million customers having their credit card information compromised and upwards of 100 million losing their email address and phone numbers in the breach.
Though Judge Magnuson commended Target for their willingness "step up" to resolve the complaints, critics have claimed the the settlement will not offer substantial relief to those who were most affected by the data breach and at the same time give those who were not severely affected more than necessary. The proposed settlement will offer relief to individuals with proof of their claims, but only to $10,000. Target has offered free credit monitoring for the roughly 110 million customers affected by the data breach. Thus far, just 4 million customers have chosen to accept the offer.
Customers seeking damages will have to provide proof of unauthorized charges made on their compromised credit cards, account for time spent dealing with complications as a result of the breach and fees paid connected to replacing cards with information accessed by the data hackers. These are the claimants who will be eligible to receive damages up to $10,000. After those cases are resolved, any remaining claimants who used their credit or debit cards at Target during the data breach but did not retain proof of their alleged loses will evenly split whatever money‘s left over after the initial settlements. This amount is not expected to be much of anything with the amount of affected customers and the high profile nature of the case. The proposed settlement also includes up to $6.75 million in attorneys‘ fees.
Additional details included in the proposed settlement include security training for Target employees and the appointment of a chief information security officer for the company to help prevent and handle future data breaches. These details in the settlement are not only intended to help Target‘s dealing with data breaches in the future, but will hopefully influence other companies to take similar steps in order to help improve their vulnerability to similar attacks.
The settlement has been interpreted by some to represent a new bar by which other data breach lawsuits will be judged. Plaintiffs in the Target MDL won a decision from Judge Magnuson in December in which he claimed that plaintiffs would be allowed to proceed despite Target‘s objections which claimed that many seeking damages against the retailer couldn‘t prove their claims. Judge Magnuson‘s siding with the plaintiffs may grant wider litigative opportunities for parties seeking d from defendants in data breach cases in the future.