- Apr 13, 2013
- 3,224
A federal district judge has approved a proposed settlement agreement in the Target Corp. data breach consumer litigation, under which Target will pay up to $10 million to settle litigation filed by consumers in connection with 2013's massive data breach in which 100 million customers' payment card members were exposed.
Judge Paul A. Magnuson of U.S. District Court in St. Paul, Minnesota, has set Nov. 10 for a final approval hearing on the settlement. In his order Thursday, in which he approved a class action for settlement purposes only, Judge Magnuson said that upon preliminary review, the court finds the settlement is “fair, reasonable and adequate” to warrant providing notice of the settlement to class members.
The order says that a settlement administrator will begin sending notice by email to all class members for whom Minneapolis-based Target has an email within 45 days. Consumers who wish to opt out of the settlement must provide a written notice no later than July 31.
Litigation filed by payment-card issuing financial institutions, which is also being heard by Judge Magnuson, continues. Target also states in a March 13 U.S. Securities and Exchange Commission filing that in addition to more than 100 actions filed in connection with the breach, state and federal agencies including state attorneys general, the Federal Trade Commission and the SEC, are investigating events related to the data breach, including how it occurred, its consequences and its responses.
The company says in the filing that as of Jan. 31, it had incurred $252 million of cumulative expenses that have been partially offset by expected insurance recoveries of $90 million, for net cumulative expenses of $162 million. It has received $30 million so far from its network security insurers since the data breach.
According to the filing, the company maintains $100 million of network security insurance coverage above a $10 million deductible and with a $50 million sublimit for settlements with the payment card networks. Target's cyber insurers include Ace Ltd., American International Group Inc. and Axis Capital Holdings Ltd., according to market reports.
Judge Paul A. Magnuson of U.S. District Court in St. Paul, Minnesota, has set Nov. 10 for a final approval hearing on the settlement. In his order Thursday, in which he approved a class action for settlement purposes only, Judge Magnuson said that upon preliminary review, the court finds the settlement is “fair, reasonable and adequate” to warrant providing notice of the settlement to class members.
The order says that a settlement administrator will begin sending notice by email to all class members for whom Minneapolis-based Target has an email within 45 days. Consumers who wish to opt out of the settlement must provide a written notice no later than July 31.
Litigation filed by payment-card issuing financial institutions, which is also being heard by Judge Magnuson, continues. Target also states in a March 13 U.S. Securities and Exchange Commission filing that in addition to more than 100 actions filed in connection with the breach, state and federal agencies including state attorneys general, the Federal Trade Commission and the SEC, are investigating events related to the data breach, including how it occurred, its consequences and its responses.
The company says in the filing that as of Jan. 31, it had incurred $252 million of cumulative expenses that have been partially offset by expected insurance recoveries of $90 million, for net cumulative expenses of $162 million. It has received $30 million so far from its network security insurers since the data breach.
According to the filing, the company maintains $100 million of network security insurance coverage above a $10 million deductible and with a $50 million sublimit for settlements with the payment card networks. Target's cyber insurers include Ace Ltd., American International Group Inc. and Axis Capital Holdings Ltd., according to market reports.