Court To Review Target’s $10M Customer Data Breach Settlement

Image courtesy of Mike Mozart

Nearly two years after Target agreed to set up a $10 million fund to reimburse customers affected by its massive 2013 holiday season data breach, a federal appeals court has ordered the judge in this lawsuit to review the settlement.

The Eighth Circuit Court of Appeals ruled [PDF] this week that the District Court judge must take a second look at the proposed settlement to the class action lawsuit involving millions of Target shoppers.

Under the proposed agreement, Target was to set up a $10 million fund that would eventually pay individual victims up to $10,000 in damages if they could document their losses.

Once those claims are paid, the fund will be divided among customers who state under oath that they suffered a loss related to the breach, the Star Tribune reports.

This process, however, effectively leaves out millions of customers who did not suffer financial damage, but could face future identify theft as their personal information was leaked.

One class member objected to the entire settlement arguing there was a lack of adequate representation due to an alleged intraclass conflict between customers who suffered financially and those that didn’t, but could in the future.

The man, who suffered no financial harm from the breach, argues that despite receiving “no pecuniary relief, as a class member he is bound under the settlement to release Target from liability for any claims he may someday have should the breach injure him in the future.”

According to the Minneapolis Star Tribune, Target lawyers admitted to the Eighth Circuit panel that some 99% of the lawsuit’s plaintiff class would receive no monetary settlement.

In an attempt to remedy the situation, the appeals court directed Judge Paul Magnuson “to conduct and articulate a rigorous analysis” of the class and determine if conflicts of interest would require the cases to be separated.

The proposed settlement is just one Target has agreed to after the data breach, which occurred between Nov. 24 and Dec. 15, 2013.

Investigators looking into the matter believe that thieves captured customer information through the use of software on payment terminals, harvesting the information when shoppers swiped their cards at checkout.

The retailer previously made deals that would pay affected banks $39.4 million for their expenses resulting from the breach, as well as reaching a deal with Visa to give about $67 million back to consumers affected by the breach.