Target's massive data breach, which hit during the peak of the 2013 holiday shopping season, was one of the largest hacks in the history of corporate America — and now the retailer is proposing to offer victims up to $10,000 each in damages as part of a $10 million settlement.
The 97-page settlement for the class action lawsuit was filed on March 18 and is waiting for the approval of a federal judge.
During Target's breach in December 2013, thieves hacked as many as 40 million customer credit card accounts, and up to 110 million sets of personal information such as email addresses and phone numbers were stolen. The thieves stole encrypted PIN data, customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip on the back of cards used at Target.
If you used a debit or credit card at a Target store between Nov. 27 and Dec. 18, 2013, or received a notice that your personal information was compromised, you could receive a portion of the $10 million settlement fund.
Target's proposed settlement explains that in order to receive funds, victims must be able to state that they have experienced one of more of the following: unauthorized, unreimbursed charges on their credit or debit card; time spent addressing those charges; fees to hire someone to correct their credit report; higher interest rates or fees on the accounts; credit-related costs, and costs to replace their identification, Social Security number or phone number.
The forms also request documentation, such as a credit card statement, invoice or receipt, to support these claims. Victims could also include two hours of "lost time," at $10 per hour, for each type of documented loss incurred, including inconveniences such as replacing a driver's license or addressing unauthorized credit card charges.
It's also expected that a digital form will be available on a dedicated website in the near future.
After those claims are paid, any remaining settlement funds will be evenly distributed to class members without documentation.
The settlement would also require Target to designate a chief information security officer and maintain a written information security program, along with implementing a process to monitor for information security events and respond to threats. In addition, Target must provide security training to its employees.
Immediately following its breach, Target offered one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores.