Target to Change Security Policies and Pay $10 Million to Settle Data Breach Lawsuit

Posted by

U.S. District Court Judge Paul Magnuson has indicated that he will grant preliminary approval of a 97-page settlement agreement between Target and class-action plaintiffs.  Under the settlement, Target will pay $10 million to compensate injured customers, with court documents suggesting as much as $10,000 for a victim. In total, 42 million shoppers had their credit or debit information stolen, and 61 million had personal data stolen from November 27 through December 18, 2013. The settlement also requires Target to change its security policies within 10 business days of the settlement, including appointing a Chief Information Security Officer, maintaining a written information security program to document risks and develop metrics, and providing security training to “relevant” workers. Victims with reasonable documentation of one of the following losses may be eligible to recover monetary damages: unauthorized credit/debit card charges; time spent addressing charges, fees to correct credit reports, higher interest rates, and costs to replace personal identification, social security numbers or telephone numbers.

For more information, see here.