Editor’s Note: The following blog post was originally published by ClassActionBlawg.com. It is republished with permission.
HarrisMartin’s Data Breach Litigation Conference: The Coming of Age is scheduled for next Wednesday, March 25, 2015, at the Westin San Diego. I’ll be speaking on a panel titled Creative Approaches to Settling Data Breach Cases with Ben Barnow of Barnow and Associates, P.C., Chicago. So, the news this week was very timely that Target has reached a settlement in the consumer class actions arising out of its massive payment card breach. Because a few clients and colleagues on both sides of the bar have asked for my opinion about the settlement, I thought I’d share a few thoughts here.
Settlements in data breach cases have been fairly rare up to this point, as many data breach cases have met their doom at the pleadings stage due to the inability of plaintiffs to show injury-in-fact sufficient to give them standing. Payment Card cases have been an exception because there are real financial losses to consumers that can flow naturally from a hacking incident. Importantly, these losses generally do not include the amount of any fraudulent card transactions because federal law limits consumer liability to $50 and the major card brands go further and impose $0 liability requirements on issuing banks. However, other incidental losses, such as replacement card fees, interest, finance charges by other companies due to missed payments, to name a few, can result from a payment card breach. For this reason, claims in several payment card class actions, including Target (Target Order on Motion to Dismiss) have survived motions to dismiss, leading many defendants to settle these cases. Payment card class actions against Heartland Payment Systems, TJ Maxx, Michaels Stores, and others were all resolved by class-wide settlements. Read More >>