Target and
lawyers for plaintiffs whose clients’ personal information was stolen in a 2013
major data breach have agreed on a $10 million settlement.
A
class-action suit was pending in United States District Court in Minneapolis,
where Target is headquartered. Both sides asked the court to approve Target's
offer, which the two sides agreed to last week. Target said as many as 40
million credit and debit card accounts may have been affected by the breach,
which occurred between November 27 and December 15, 2013, at the height of the
holiday shopping season. See my previous blog posts on the story and lawsuit.
The
proposed settlement would cap any award at $10,000 per claimant. It would also
include Target appointing a chief information security officer to oversee
information security and to train employees in securing costumers' personally
identifiable information. Judge Paul Magnuson has reportedly signed off on the
preliminary settlement agreement.
In a recent
filing with the Securities and Exchange Commission, the company estimated it has
incurred $252 million of cumulative data breach-related expenses as of Jan. 1,
2015. This was partially offset by $90 million of expected insurance
recoveries.
