MINNEAPOLIS (KARE) – Target Corp. is poised to settle a class-action lawsuit filed following the retailer's 2013 data breach, court documents filed Wednesday in Minnesota show.
A $10-million dollar fund will be established for victims of the data breach, the 97-page settlement says.
Victims will be eligible for up to $10,000 compensation each.
Some aspects of the proposed class action settlement appear unique, said Mark Melodia, founder of the information technology, privacy and data security practice at the law firm of Reed Smith in New York City
"First, the amount of attorneys' fees contemplated by this deal is at the high end of the historical range, even for multi-district litigation proceedings, Melodia said, cautioning that he has not had time to study the settlement.
"Second, it is unusual for a major company to agree to follow certain security practices dictated by a settlement with private class action lawyers and then imposed by a final Order of the Court," he said.
The claim form that victims asks whether they used a credit or debit card at any United States Target store, excluding Target.com website, between November 27, 2013 through December 18, 2013.
Other questions ask if the claimant received a breach notice or if they believed that their personal information was compromised.
Many customers will likely not be able to prove that they lost money due to hacker activities.This is common, said Sasha Romanosky, who researches the economics of information security at Carnegie Mellon University in Pittsburgh, Penn.
There must be very clear proof of actual harm. Courts don't typically allow victims to claim redress simply for an invasion of privacy, he said.
In the Target settlement, victims must be able to state that they have experienced at least one of the following:
- unauthorized, unreimbursed charges on their credit or debit card
- time spent addressing those charges
- fees to hire someone to correct their credit report
- higher interest rates or fees on the accounts
- credit-related costs
- costs to replace their identification, Social Security number or phone number
The forms also ask for documentation to support claims of reimbursement.
The terms of the settlement were agreed upon March 9 but must still be approved by a federal judge.
The massive data breach at Target was revealed in December of 2013.
Data thieves hacked as many as 40 million accounts that affected as many as 110 million people.
They stole encrypted PIN data, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of cards used at Target between.
Asked for comment, Target spokesperson Molly Snyder said. "We are pleased to see the process moving forward and look forward to its resolution."
Contributing: Elizabeth Weise in San Francisco.
