Judge OKs Target's proposed $10 million consumer settlement

Status
Not open for further replies.

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
A federal district judge has approved a proposed settlement agreement in the Target Corp. data breach consumer litigation, under which Target will pay up to $10 million to settle litigation filed by consumers in connection with 2013's massive data breach in which 100 million customers' payment card members were exposed.

Judge Paul A. Magnuson of U.S. District Court in St. Paul, Minnesota, has set Nov. 10 for a final approval hearing on the settlement. In his order Thursday, in which he approved a class action for settlement purposes only, Judge Magnuson said that upon preliminary review, the court finds the settlement is “fair, reasonable and adequate” to warrant providing notice of the settlement to class members.

The order says that a settlement administrator will begin sending notice by email to all class members for whom Minneapolis-based Target has an email within 45 days. Consumers who wish to opt out of the settlement must provide a written notice no later than July 31.

Litigation filed by payment-card issuing financial institutions, which is also being heard by Judge Magnuson, continues. Target also states in a March 13 U.S. Securities and Exchange Commission filing that in addition to more than 100 actions filed in connection with the breach, state and federal agencies including state attorneys general, the Federal Trade Commission and the SEC, are investigating events related to the data breach, including how it occurred, its consequences and its responses.

The company says in the filing that as of Jan. 31, it had incurred $252 million of cumulative expenses that have been partially offset by expected insurance recoveries of $90 million, for net cumulative expenses of $162 million. It has received $30 million so far from its network security insurers since the data breach.

According to the filing, the company maintains $100 million of network security insurance coverage above a $10 million deductible and with a $50 million sublimit for settlements with the payment card networks. Target's cyber insurers include Ace Ltd., American International Group Inc. and Axis Capital Holdings Ltd., according to market reports.
 

cruelsister

Level 43
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
Just a few comments on this:

1). A 10 million USD settlement for exposing 100 million customer credentials. Out of these 100 million it has been pretty much confirmed that at least 2.5 million of these cards were definitely sold on the DarkWeb before issuing banks caught on. So in essence each person that had their credentials stolen and sold gets 4 USD (that's FOUR DOLLARS) each. This shows the total contempt that many major businesses have in protecting the personal data that you entrust to them.

2). Target is also spending 100 million USD to upgrade their card readers to the Chip-and-PIN enabled type. What they aren't doing, however, is adding any encryption for transactions (in spite of 4 separate meetings that expressly detailed proper remediation strategies). This is an issue, you see, as the Worm used in the breach is oblivious to the type of terminal used- it can steal transaction data from either type equally well as long as there is no encryption.

What Fools these Mortals be...
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top