Target has offered to pay $10 million to settle class actions related to its massive pre-Christmas customer payment-card data breach from 2013, which compromised the accounts of up to 40 million Target customers.
A federal district court judge must still approve the settlement, which Target submitted to the court late Wednesday evening, but if it is accepted, individual victims could receive up to $10,000 apiece in damages, as initially reported by CBS News.
KSTP-TV, Minneapolis (where Target is headquartered), went into further detail, noting that individuals can qualify for a portion of the settlement fund if they submit what court documents call “reasonable documentation showing their losses more likely than not arose from the Target data breach (for example, a credit card statement, invoice or receipt)...”
Victims can also be compensated for up to two hours of “lost time” (valued at $10 per hour) for each documented loss, including handling unauthorized charges or replacing a driver's license or Social Security number. Whether it's reasonable to assume that two hours is time enough to replace such documents is presumably one of the things the federal district court judge must decide.
Target's court submission includes a draft version of a two-page form victims would have to fill out in order to qualify for settlement funds. That form, which can be viewed as a .pdf file here, asks potential victims if they used a credit or debit card at any Target store (not Target.com) between Nov. 27 and Dec. 18, 2013, or if they received notice or have other reason to believe their card was compromised in the breach. The form then asks about a varied list of possible consequences:
Did you experience one or more of the following caused by the theft of your Payment Card information and/or personal information as a result of the Target data breach? (Check Applicable Boxes)
Unauthorized, unreimbursed charges on your credit or debit card.
Time spent addressing unauthorized charges on your credit or debit card.
Costs to hire someone to help correct your credit report.
Higher interest rate on an account or higher interest fees that you paid.
Loss of access or restricted access to funds.
Fees paid on your accounts (i.e. late fees, declined payment fees, overdrafts, returned checks, customer service, card cancellation or replacement).
Credit-related costs (i.e. buying credit reports, credit monitoring or identity theft protection, costs to place a freeze or alert on credit report or a drop in your credit score).
Costs to replace your driver's license, state identification card, social security number or phone number.
Other costs or unreimbursed expenses as a result of the Target data breach. (Explain below)
If you were unable to answer “yes” to either of the first two questions, and could not check off at least one of the “Applicable boxes,” then you would not qualify for reimbursement under the proposed settlement.
If the judge accepts Target's proposed settlement terms, then Target will have to set up a dedicated website where potential victims can apply online for payouts.