On November 17, 2015, the federal district court overseeing the Target data breach litigation granted final approval to the consumer class action arising out of the 2013 Target data breach.  The court certified, for final approval, a class defined as “[a]ll persons in the United States whose credit or debit card information and/or whose personal information was compromised as a result of the data breach that was first disclosed by Target on December 19, 2013.”   

Under the settlement, Target will pay $10 million, with payments to class members varying depending upon each member’s ability to document losses.  Individuals with documentary proof of losses will be reimbursed both for out-of-pocket loss and time loss (up to two hours at $10 per hour) up to a maximum of $10,000.  Plaintiffs estimate that the average payout for these “high value” documented claims will be approximately $2,200 per claimant.  
Individuals who have no documented proof of loss will receive an equal share of the settlement fund after service awards and documented-loss payments are made.  Plaintiffs estimate that the payment for “undocumented-loss” claimants will be $40 per claimant.  The agreed-upon attorneys’ fee award is not included in the $10 million settlement figure. 

Notice of the settlement reached 80 million people, with direct notice sent to 61 million consumers.  Out of that number, 386 people timely requested exclusion, and only 11 individuals objected to the settlement – a number the judge correctly termed “infinitesimally small.” 

The court awarded plaintiffs’ counsel $6.75 million in attorneys’ fees.  Rejecting the arguments of objectors who contended that the award was too high, the court observed that the total settlement benefit “includes Target’s payment of all notice and administrative expenses” and that when such expenses “are included in the total benefit calculus, the amount of fees requested is a reasonable 29%.”

The court’s approval should, absent an appeal by one of the objectors, put an end to one of the most highly publicized and closely watched data breach consumer class actions in recent memory.  (The class action brought against Target by financial institutions remains pending before the same judge.)  The settlement may also become a model for future data breach settlements.