Eighth Circuit Requires Further Review of Data Breach Settlement Involving Class Members Who Have No Loss
By Andrew C. Glass, Matthew N. Lowe, and Brandon R. Dillman
In a decision that could affect the resolution of future data breach class actions, the Eighth Circuit recently set aside the settlement in the Target Corp. data breach litigation. See In re Target Corp. Customer Data Security Breach Litig., No. 15-3909, — F.3d —, 2017 WL 429261 (8th Cir. Feb. 1, 2017). The litigation arose from claims that in 2013, hackers compromised credit and debit card data of up to 110 million Target customers. The parties ultimately agreed to a settle on a class basis. According to the settlement agreement, Target agreed to establish a $10 million settlement fund, which would be allocated first to class members with documented losses and then to members with asserted, but undocumented, losses. Members who had “suffered no loss from the security breach [would] receive nothing from the settlement fund,” but would still be “bound under the settlement to release Target from liability for any claims” that may someday arise in the future. Id. at *1.