By Amanda Bronstad, From The National Law Journal

Target Corp.’s $10 million settlement of a nationwide class action over its massive 2013 data breach comes as the lead plaintiffs attorney in the case said he faced major hurdles ahead.

U.S. District Judge Paul Magnuson in Minnesota heard arguments over the settlement at a hearing on Thursday but hadn’t yet approved the deal.

The settlement, which resolves most of the 140 lawsuits filed over the breach, does not include financial institutions such as banks and credit unions that also sued Target. The breach compromised the credit and debit cards and personal information of 110 million customers.

Under the settlement, disclosed in a motion for preliminary approval filed on Wednesday, class members are eligible for up to $10,000 each but must submit documentation, such as a credit card statement or invoice, “showing their losses more likely than not arose from the Target data breach.” Class members with no documentation can also submit a claim for whatever funds remain.

Lead plaintiffs attorney Vincent Esades said the amount of the settlement fund, when compared with the 110 million customers affected, indicates the significantly fewer number of people who were actually injured by the breach.

“If you can’t point to a financial impact to you, you won’t qualify to make a claim,” said Esades, an equity member at Minneapolis-based Heins Mills & Olson.

Esades said that he’s already been inundated with calls from potential claimants and that he anticipates a website with claim information to be up and running next month.

Target spokeswoman Molly Snyder wrote in an email: “We are pleased to see the process moving forward and look forward to its resolution.”

The settlement fund includes awards of $500 to $1,000 to class representatives but excludes attorney fees, which are anticipated to be at least $6.75 million, according to the motion. Target also has agreed to appoint a chief information security officer, train employees and maintain a data breach program.

The settlement comes as both sides were gearing up for a battle over class certification, with the first motion due July 1. Esades said that he faced a challenge. “These are inherently difficult cases to prove on certification,” he said.

Judges have been reluctant to find that the facts in data breach cases predominate among all class members “because of the presumably great variance in what could happen to individual plaintiffs,” said Nicolas Terry, executive director of the William S. and Christine S. Hall Center for Law and Health at Indiana University Robert H. McKinney School of Law. Some might have had a card stolen, he said, while others suffered unauthorized charges, for example.

But Target also failed to dismiss the litigation on Dec. 18.

In most cases, companies have successfully argued that data breach class actions should be dismissed because plaintiffs weren’t actually injured by the hack and lacked standing to sue. Target’s inability to do that, Terry said, means “that position is becoming less credible. Plaintiffs are managing to find ways to move the ball down the field in these cases, thus increasing their settlement value.”

Photo: Nate Grigg

For more on this story go to: http://www.nationallawjournal.com/id=1202721121749/Amid-Plaintiffs-Hurdles-Target-Settles-Breach-Suits-for-10M#ixzz3V371GpgX