Despite the several dozen class action-styled lawsuits filed against retailer Target, following the late-2013 discovery that hackers had stolen millions of customers' credit and debit card numbers and contact information, it was a certainty that one line was never going to be spoken in any courtroom: ladies and gentlemen of the jury. That the Target class actions would be resolved by settlement was as predictable as the outcome of an NCAA Basketball Tournament game between a number one and number 16 seed.
So it could not have come as a surprise to anyone when, on March 19, just a little over a year after the first data breach lawsuits were filed, the announcement came from a Minnesota federal court: Target would be filling up a shopping cart with cash to put the matter behind it. The settlement, albeit subject to final approval in November, looks like this. Target will put $10 million into a fund to be used to pay its affected customers—"guests" as it prefers to call them. The court will be asked to approve $6.75 million in attorney's fees on top of that. Target will also be saddled with several million dollars in administrative costs. In an Associated Press story, Vincent Esades, the lead counsel for the plaintiffs, stated that Target's total settlement costs could reach $25 million.
The settlement calls for two types of recoveries. Those able to prove that they actually suffered financial losses, on account of their personal or financial information being compromised, can recover up to $10,000. Such losses could be for, among other things, unauthorized credit or debit card charges that were unreimbursed (that is, if a bank somehow did not remove an unauthorized charge), the time spent addressing such charges (up to two hours at $10 per hour), hiring someone to help correct their credit report, higher interest rates, purchasing credit monitor services, and so on. Surely there are people out there in this category—but not many (especially if the claims are carefully scrutinized).
Quantifiable losses?
The vast majority of those eligible to make a claim will not have documentation that they suffered any of these types of losses, however. Because they didn't. The good news is that, despite how serious the data breach issue is portrayed, most people suffer no quantifiable losses on account of one. With no evidence of losses, those in this group will be able to sign a form, stating that they used a credit or debit card at Target during the three-week data breach period, and then be entitled to a recovery. Presto.
Payments from the $10 million fund will first be made to those who can prove that they actually suffered financial losses. Then, all those people in the just-sign-your-name category will share equally in what's left. The more people who make claims, the less each claimant will receive. So don't tell your friends.
One hundred million people could be eligible for the settlement. If 100 million people make claims, then each one will receive 10 cents. Bazooka Joe will be happy about that. In reality, based on statistics in other cases, just a few percent of the class members will make claims. Although, perhaps in this case, more will do so than usual, given how high-profile it has been. In any event, each claimant with a non-documented loss will probably receive about enough for somewhere between a latte and a pepperoni pizza. That's more than they deserve, but there is only so much that can be done to prevent such an unjustified payment in a settlement like this.
The real problem with the Target settlement is not that it achieved no benefit. It did. People who can prove that they actually suffered financial losses, on account of their personal or financial information being compromised, have been provided with a simple means to recover up to $10,000. That seems fair. It's hard to begrudge them. But to achieve this worthwhile objective—for so few—will come at an enormous price: two years of litigation, the payment of nearly $7 million in legal fees, not to mention millions spent by Target on lawyers, millions of dollars in administrative costs and a boatload of money doled out to people who unquestionably suffered no losses whatsoever. Surely there was an easier and less expensive way to arrive at this outcome. This data suffers from a breach—one of common sense.
Randy Maniloff is an insurance lawyer at White and Williams LLP in Philadelphia. He runs the website www.CoverageOpinions.info.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.