Target has agreed to pay $10 million to settle a class-action lawsuit related to the company’s 2013 data breach.
Court documents show hacking victims could get as much as $10,000 apiece.
U.S. District Court Judge Paul Magnuson indicated at a hearing Thursday in St. Paul, Minn., that he planned to grant preliminary approval of the 97-page settlement, The Associated Press reported.
As the Two-Way reported, Target said immediately after the breach that “as many as 40 million credit and debit card accounts may have been impacted” in the hack. Nearly a month later, the company said 70 million people may have had their personal information stolen. The breach affected holiday shoppers at Target from Nov. 27 through Dec. 18, 2013.
The retailer now estimates that about 42 million people had their credit or debit information stolen, according to the court documents, with the largest totals coming from California (7.8 million), Texas (3.6 million) and Florida (2.9 million).
Target also estimates that close to 61 million people had their personal data stolen. That information could include names, mailing addresses, phone numbers and email addresses.
The proposed settlement would also require Minneapolis-based Target to implement changes to its security policies within 10 business days of the settlement becoming effective.
Those changes would include requiring the company to:
- Appoint a chief information security officer
- Keep a written information security program, which will document potential security risks, and develop metrics to measure the security of its systems
- Offer security training to “relevant” workers that educates them about the importance of safeguarding personal identifying information
Target spokesperson Molly Snyder said in an emailed statement to CBS News that “we are pleased to see the process moving forward and look forward to its resolution.”
To file a claim, victims are asked to fill out a form and answer questions about how they were impacted by the breach, such as:
- Unauthorized, unreimbursed charges on their credit or debit card
- Time spent addressing charges
- Fees to hire someone to correct a credit report
- Higher interest rates or fees on accounts
- Credit-related costs like buying credit reports
- Costs to replace their identification, Social Security number or phone number
The settlement requires “reasonable documentation of losses” and states that eligibility cannot be based solely on “personal declaration” by the victim.
You can look through the proposed settlement here: