Target Data Breach Settlement

On November 30, 2013, I stopped at Target to purchase a birthday gift for my friends’ one-year-old daughter.  Little did I know that I would be exposed to one of the largest data breaches in retail history.  Fortunately, my bank took quick action, and to date, I’m not aware of my accounts or personal information being compromised.  I’m one of the lucky ones.

It is thought that over 40 million credit cards were compromised during the data breach which took place November 27 through December 18, 2013 at Target stores, nation-wide.   Over 100 million shoppers had their personal data hacked, opening them up to potential financial losses, not to mention the potential for their identities to be stolen.[1]

Lawyers quickly took action, bringing lawsuits in order to protect consumers affected by this data breach.  Target Corp. was sued in 33 separate class action lawsuits, which were consolidated into a multidistrict litigation in the U.S. District Court of Minnesota, where Target is headquartered.  The litigation, entitled In re Target Corp. Customer Data Security Breach Litigation, was presided over by U.S. District Judge Paul A. Magnuson.  Judge Magnuson preliminarily approved the Target class action settlement agreement during a hearing on Thursday, March 19, 2015.  The terms of the preliminary settlement agreement between Target Corp. and the class members include Target paying them $10 million.[2]  This settlement agreement does not indicate that the Court has made a judgment as to any wrongdoing on the part of Target Corp.[3]

What does this mean for the consumers who were affected by the data breach?  They can go to the “Target Breach Settlement” website, https://targetbreachsettlement.com, which is supervised by the Court, and administered by a claims administration firm.  It details the claims process, including documentation necessary, for class members to obtain their portion of the settlement.  “All Settlement Class Members who had their personal or financial information compromised can get reimbursed for losses caused by the data breach of up to $10,000.  These losses could be related to:

• Unauthorized, unreimbursed charges on your credit or debit card;
• Time spent addressing unauthorized charges on your credit or debit card;
• Costs to hire someone to help correct your credit report;
• Higher interest rate on an account or higher interest fees that you paid;
• Loss of access or restricted access to funds;
• Fees paid on your accounts (such as late fees, declined payment fees, overdrafts, returned checks, customer service, or card cancellation or replacement);
• Credit-related costs (such as buying credit reports, credit monitoring or identity theft protection, or costs to place a freeze or alert on your credit report);
• Costs to replace your driver’s license, state identification card, social security number, or phone number; or
• Other costs or unreimbursed expenses as a result of the Target Data Breach.”[4]

What about the credit card companies and banks that were faced with the cost of replacing hundreds of thousands of debit cards and credit cards, and providing credit monitoring and identity theft protection to their customers?  As of April 2015, it was said that Target Corp. was close to reaching a settlement deal with MasterCard for $20 million, to cover the re-issuance of cards, as well as fraud that resulted from the customer’s data being exposed.  It is also thought that Target Corp. is negotiating a similar settlement agreement with Visa.[5]

[1]    http://www.reuters.com/article/2015/04/15/us-target-settlement-idUSKBN0N62PA20150415

[2] http://topclassactions.com/lawsuit-settlements/open-lawsuit-settlements/54647-target-data-breach-class-action- settlement/

[3]    https://targetbreachsettlement.com/mainpage/CommonlyAskedQuestions.aspx

[4] Id.

[5] http://www.wsj.com/articles/target-nears-settlement-with-mastercard-over-data-breach-1429050238