Target will pay a total of $10 million to customers who were victimized by the retail chain’s massive payment data breach in 2013, the Associated Press reported.
U.S. District Judge Paul Magnuson granted preliminary approval on Thursday (March 19) for the settlement to a federal class-action lawsuit. The approval means affected customers will be able to begin filing claims before another hearing for final approval, which won’t happen until late October or early November.
Customers will be able to file for up to $10,000 in reimbursement for their losses, which can include unauthorized charges, higher fees or interest rates, and lost time dealing with the after effects of the breach, which allowed cyberthieves to steal information on as many as 40 million payment card between Thanksgiving and mid-December in 2013 — the height of the holiday shopping period.
Under the settlement, Target will be required to maintain a written information security program and provide security training to its employees, as well as monitor for data-security problems and respond to any that present a threat. The retailer is also required to appoint a chief information security officer, but Target already appointed former General Motors executive Brad Maiorino to that post in mid-2014.
Customer loss claims will require proof, and most claims will be submitted online through a dedicated website. Affected customers should be able to start filing claims by April 30; up to 100 million people may be eligible, according to Vincent Esades, an attorney for customers who were part of the class action.
After documented claims have been paid out, any money remaining from the $10 million will be divided among consumers who state under oath that they suffered a qualifying loss but don’t have documentation, Esades said, adding that customers who have already been fully reimbursed aren’t eligible.
While customers will be able to begin filing claims in about six weeks, money can’t be paid out from the settlement fund until all objections and appeals to the settlement are resolved. That means the earliest that affected customers would see any money is in early 2015, Esades said.
Including attorneys’ fees, the settlement could cost Target as much as $25 million. The retailer has already spent $162 million on total breach expenses, Target reported in its Q4 earnings call in February.