Target is said to be preparing to settle a class-action suit over its 2013 data breach by paying $10 million to set up a fund for breach victims, who will each qualify to receive up to $10,000 in compensation.
Criminals compromised as many as 40 million accounts that affected as many as 110
million people. Among the information stolen was encrypted PIN data, customer names, credit and debit card numbers, card expiration dates, and the embedded code on the cards’ magnetic strip.
Victims must clearly prove they suffered financial loss from the breach, as invasion of privacy alone is not usually awarded redress by courts, according to Carnegie Mellon University researcher Sasha Romanosky.
Victims must be able to demonstrate they experienced at least one instance of unauthorized, unreimbursed charges on their credit or debit card; time spent addressing those charges; fees to hire someone to correct their credit report; inflated interest rates or fees on the accounts; credit-related costs; or costs for replacing their identification, Social Security number, or phone number.
The terms of the Target settlement need to be approved by a federal judge.