In a decision that could affect the resolution of future data breach class actions, the Eighth Circuit recently set aside the settlement in the Target Corp. data breach litigation. See In re Target Corp. Customer Data Security Breach Litig., No. 15-3909, — F.3d —, 2017 WL 429261 (8th Cir. Feb. 1, 2017). The litigation arose from claims that in 2013, hackers compromised credit and debit card data of up to 110 million Target customers. The parties ultimately agreed to a settle on a class basis. According to the settlement agreement, Target agreed to establish a $10 million settlement fund, which would be allocated first to class members with documented losses and then to members with asserted, but undocumented, losses. Members who had “suffered no loss from the security breach [would] receive nothing from the settlement fund,” but would still be “bound under the settlement to release Target from liability for any claims” that may someday arise in the future. Id. at *1.

At the final approval hearing, an objector asserted there was an impermissible intraclass conflict between the named plaintiffs, all of whom had purportedly suffered some loss from the data breach, and individuals like the objector who, to date, had suffered no loss and would receive no compensation but nevertheless would have to release claims. Id. at *1-2. The district court overruled the objection without analysis. Id. at *2-3. Nor did the district court opine as to whether the ability to opt out of the settlement would sufficiently protect class members who had suffered no loss.

On appeal, the Eighth Circuit ruled that the district court’s lack of analysis in overruling the objection and approving the class settlement constituted an abuse of discretion, requiring the settlement to be reconsidered on remand. Id. at *2-3. The Eighth Circuit directed that on remand, the district court should conduct a more thorough analysis as to whether the settlement could properly bind class members who suffered no loss and would receive no payment. The Eighth Circuit listed some of the issues the district court must consider, including (1) “whether an intraclass conflict exists when class members who cannot claim money from a settlement fund are represented by class members who can;” (2) “if there is a conflict, whether it prevents the class representatives from fairly and adequately protecting the interests of all of the class members;” and (3) “if the class is conflicted, whether the conflict is ‘fundamental’ and requires certification of one or more subclasses with independent representation.” Id. at *3.

Another issue that may arise on remand is whether a subclass of individuals expressly defined as having suffered no loss related to the alleged data breach comports with Article III standing principles. We will continue to provide updates regarding the case, including after the district court conducts its analysis on remand.