Target victims have burden of proof in settlement – USA TODAY

36

4

Share This Story!

Let friends in your social network know what you are reading about

Target victims have burden of proof in settlement

Target’s $ 10 million settlement with victims of its 2013 data breach also requires the retailer to pay more than $ 6 million in legal fees and institute several measures to bulk up the security of its

Try Another

Audio CAPTCHA

Image CAPTCHA

Help

CancelSend

Sent!

A link has been sent to your friend’s email address.

Posted!

A link has been posted to your Facebook feed.

By Hadley Malcolm and Elizabeth Weise, USA TODAY 1:50 p.m. EDT March 19, 2015

Every time you buy something with a credit or debit card, your card data is routed through a massive network of servers, processors, and wireless communication systems. This process vets and protects your information. Keith Carter, Jerry Mosemak and Hadley Malcolm

A shopper pays for her purchases at a Target store in South Portland, Maine.(Photo: Robert F. Bukaty, AP)

Victims of Target’s 2013 data breach may have a hard time collecting a significant amount of money from a $ 10 million settlement with the retailer, information security experts say.

That’s because of the burden of proof on consumers, who will be asked to submit documentation of loss on a claims form. Target may end up paying out only a small portion of the $ 10 million because that pot of money is only available to “those consumers who can demonstrate loss,” says Sasha Romanosky, an economics of information security researcher with the RAND Corp.

Though court documents say “no portion of the $ 10 million Settlement Fund will revert to Target.”

Generally, it’s very difficult for people to actually prove harm due to a breach, Romanosky says.

When a fraudulent charge is made on a credit card, consumers don’t generally end up paying for it. If the fraud is caught by the credit card company before it goes through, it never hits their card. If it does go through and the consumer reports it, it’s almost always removed as long as the consumer reported it within a reasonable amount of time.

If a consumer did have a fraudulent charge on their card that they ended up paying for, they would have to be able to provide paperwork showing that they’d documented that they hadn’t made the charge and had tried to correct it, but failed.

Victims will be eligible for up to $ 10,000 each and have to be able to show that they had at least one of the following:

• Unauthorized, unreimbursed charges on a credit or debit card

• Time addressing unauthorized charges

• Costs to hire someone to help correct a credit report

• Higher interest rate on an account or paid higher interest fees

• Loss of access or restricted access to funds

• Fees paid on accounts

• Credit-related costs such as credit monitoring or buying credit reports

Romanosky says the proposed class action settlement is relatively small compared to losses Target has already suffered due to the breach. Target paid $ 191 million last year in expenses related to the breach, which includes a $ 46 million insurance receivable. Target has said the expenses were primarily in legal fees.

“It’s minuscule for Target,” says Brian Yarbrough, consumer research analyst with Edward Jones. Yarbrough points out that Target ended the fourth quarter with $ 2.2 billion in cash on its balance sheet. “For Target basically it’s nice just to get it over with. They have plenty of cash to pay this out.”

It’s also unlikely anyone will get anywhere near a $ 10,000 payout, Yarbrough says. “Your chances of that are pretty slim,” he says. “I think it’ll depend on how many people put in (a claim). I would say probably $ 50-$ 100 is probably what you’re going to get.

Target says it has offered to pay $ 10 million to settle a class-action lawsuit brought against it following a massive data breach in 2013. The retailer says the funds will be kept in an interest bearing escrow account. The Street

The settlement, announced in court documents filed in Minnesota Wednesday, also requires Target to pay up to $ 6.75 million in legal fees to attorneys representing the settlement class. The terms of the settlement were agreed upon March 9 but must be approved by a federal judge. The company also agrees to increase security through multiple initiatives.

The retailer has to appoint a chief information security officer – Target named General Motors executive Brad Maiorino to the position last summer. His responsibilities include overseeing the company’s global information security and information technology risk organization.

Target also has to maintain a program that identifies internal and external security risks to shoppers’ personal information, have a process for monitoring information security risks and give security training to employees focusing on the importance of keeping customers’ information safe.

The settlement agreement calls for notices to run in major publications including People, Better Homes & Gardens and on Facebook alerting consumers to the claims process.

The breach affected as many as 110 million people who shopped at Target between Nov. 27 and Dec. 15, 2013. The attack compromised up to 40 million debit and credit accounts and personal information from up to an additional 70 million customers.

Contributing: Jay Knoll, KARE-TV

Read or Share this story: http://usat.ly/1bhC8lu

USA NOW

U.S. drone strike kills Kenya mall attack mastermind

Mar 19, 2015

0) { %>

0) { %>

0) { %>