On December 4, 2015, we reported on the preliminary approval granted in the Target data breach settlement. This past week, U.S. District Judge Paul A. Magnuson gave official approval to the deal. Target will pay $39.3 million to a group of financial institutions as a consequence of its massive 2013 data breach, where hackers gained access to Target’s network and the financial information of approximately 40 million customers. The settlement applies to all U.S. financial institutions that issued payment cards identified as at risk as a result of the breach and that have not previously released their claims through a separate deal with Visa Inc. and MasterCard Inc. Under the previously reached $67 million agreement with Target, nearly 75% of Visa issuers accepted settlement in exchange for full release of their claims.
Under the deal with the financial institutions, Target will pay up to $20.25 million directly to class members and $19.1 million to fund MasterCard’s Account Data Compromise program. Judge Magnuson approved attorneys’ fees of $17.8 million and expenses of $2.1 million. The judge cited to the complexity of the claims and the expense of further litigation as reasons for approving the settlement.
Forty-five financial institutions opted out of the settlement, controlling 1.6 percent of the affected accounts. However, of the 2,212 financial institutions with potentially affected members, 67 percent filed for the compensation from the settlement fund. This case is bound to impact further data breach litigation.
The case is In re: Target Corporation Customer Data Security Breach Litigation, U.S. District Court, District of Minnesota, No. 14-md-02522.