Target’s $10 Million Data Breach Settlement Gets Final Approval: D. Minn. | Practical Law

Target’s $10 Million Data Breach Settlement Gets Final Approval: D. Minn. | Practical Law

In In re Target Corp. Customer Data Security Breach Litigation, the US District Court for the District of Minnesota approved the parties’ proposed settlement of consumer claims arising from Target Corp.'s 2013 data security breach.

Target’s $10 Million Data Breach Settlement Gets Final Approval: D. Minn.

Practical Law Legal Update w-000-8890 (Approx. 3 pages)

Target’s $10 Million Data Breach Settlement Gets Final Approval: D. Minn.

by Practical Law Intellectual Property & Technology
Published on 18 Nov 2015USA (National/Federal)
In In re Target Corp. Customer Data Security Breach Litigation, the US District Court for the District of Minnesota approved the parties’ proposed settlement of consumer claims arising from Target Corp.'s 2013 data security breach.
On November 17, 2015, the US District Court for the District of Minnesota approved a proposed settlement in In re Target Corp. Customer Data Security Breach Litigation (No. 14-2522 (D. Minn. Nov. 17, 2015)).
This case arises from a 2013 data breach of Target Corp.'s computer system that affected the financial information of more than 40 million consumers. In March 2015, the district court certified for settlement purposes a class of individuals whose credit or debit card information and personal information was compromised in the breach.
In approving the proposed class action settlement, the district court considered the following:
  • Although the district court denied in part Target’s motion to dismiss the complaint, it determined that on the merits, it would be difficult for the plaintiffs to prove sufficient injury as well as causation for any losses because:
    • there were several other large-scale data security breaches around the time as the Target breach; and
    • many individuals did not suffer significant losses due to identity-theft protection and credit card liability limitations.
  • Target is financially sound and able to pay the amounts involved in the settlement.
  • Early settlement would benefit the plaintiff class because further litigation would be expensive and complex.
  • The parties adequately notified potential members of the class through direct notice, paid and earned media, and an informal website. Out of the approximately 80 million people who were notified, significantly less than 1% of the potential class requested exclusion or filed a timely objection.
The settlement provides:
  • Target will pay $10 million to settle the class claims.
  • Individuals who can provide documentary proof of loss will be reimbursed for out-of-pocket loss and time loss up to two hours at $10 per hour, up to a maximum of $10,000.
  • Individuals without documentary proof of loss will receive an equal share of the settlement fund after service awards and the documented losses are paid. Currently, plaintiffs estimate the payment for undocumented losses will be $40 per claimant.
  • The three class representatives who were deposed will receive $1,000 service awards. The remaining class representatives will receive $500 each.
  • Target will be required to improve its data security practices in significant ways.
  • Target will also pay all class notice and administrative expenses, which are not included in the $10 million settlement fund.