Judge Paul Magnuson, who is presiding over the Target multi district class action litigation in Minnesota, preliminarily approved the parties’ proposed settlement of the litigation involving the infamous breach affecting up to 110 million individuals during the holidays in 2013 for $10 million.

The Agreement requires Target to pay $10 million into an escrow account to pay consumer claims of up to $10,000 each if they can document losses, up to $6.75 million in attorney’s fees and the remainder to go to the rest of the class who can’t document their losses. Class members can submit their claims through the mail or online.

Target also agreed to:

  •   pay all administrative costs;
  •   appoint a chief information security officer;
  •   maintain a written information security program;
  •   develop a process to monitor and respond to security events; and
  •   provide security training to its employees.

Although it is understandable that Target wanted to stop the bleeding from the litigation, the plaintiffs in the Target case were never required to prove Article III standing to show that they had actually suffered harm as a result of the security breach, which unfortunately provides class action lawyers an incentive to continue to bring class action litigation against any company that suffers a data breach. Based on recent history, that list will only get longer and data breach class action litigation is here to stay.