Insights & Publications
Diversity & Inclusion
© 2020 Debevoise & Plimpton LLP
Proposed Target Settlement Provides Roadmap for Future Consumer Settlements in Large-Scale Data Breach Cases
1 April 2015
View Client Update
A settlement in the multi-district litigation between Target Corporation and up to 110 million consumers whose personal information was compromised by a late 2013 data breach was preliminarily approved on March 19 by the District of Minnesota. The proposed settlement resolves one of the largest consumer class-actions stemming from a data security breach and provides a roadmap for what future settlements may look like.
Under the proposed settlement, Target will pay $10 million to class members. Administrative and other costs might drive the final figure closer to $25 million.
A unique aspect of the settlement is that it requires Target to adopt a series of non-monetary measures to better safeguard consumer data, including the appointment of a Chief Information Security Officer, maintenance of a written information security program, processes to monitor and respond to breaches and security training for employees. Such steps provide a roadmap for practices companies can adopt now to help mitigate cybersecurity risk.
The settlement does not resolve claims brought by financial institutions against Target. Nor does it resolve ongoing government investigations into Target’s data breach.
Cybersecurity & Data Privacy
White Collar & Regulatory Defense
David A. O'Neil
Megan K. Bannigan
UK Modern Slavery Act Transparency Statement
Debevoise Women's Review