On March 19, 2015, a Minnesota federal judge granted preliminary approval of Target Corporation’s (Target) proposed $10 million settlement of a class action lawsuit, which arose out of a 2013 data breach that compromised personal information of roughly 110 million of Target’s customers. The proposed settlement would pay out $10 million to the plaintiffs and up to $6.75 million in attorney fees. Consumers affected by the breach could be awarded up to $10,000 in damages each if they can prove damages.
This case is significant for two main reasons. First, the fact that the plaintiffs were able to defeat a motion to dismiss for lack of standing to sue indicates that the bar may be lowering for successfully alleging injury in data breach lawsuits. Second, the Court’s approval of the proposed settlement raises the question of whether the settlement amount will become a benchmark in future data breach cases.