DES MOINES, Iowa — A Minnesota federal judge must hold hearings to determine whether a proposed settlement for about 100 million Target customers who were victims of a 2013 security breach treats all customers fairly, a federal appeals court says.

The 8th U.S. Circuit Court of Appeals said in an opinion filed Wednesday that Judge Paul Magnuson must review the class certification he approved in November 2015.

Under the settlement, Minneapolis-based Target must establish a $10 million fund. Consumers can claim up to $10,000 if they can document unreimbursed losses. After those claims are paid out, the remaining settlement funds will be divided among consumers who say under oath that they suffered a qualifying loss, but don’t have documentation. Those who suffered no monetary loss from the security breach but could face future identity theft issues receive nothing.

Leif Olson, of Humble, Texas, who used debit and credit cards at Target in November and December of 2013, appealed the settlement because he says he would be forced to release Target from liability for any claims he may have if his data is misused in the future. He says customers like him should be placed in a subclass and represented separately.

The appeals court ordered Magnuson “to conduct and articulate a rigorous analysis” of the class status of the case and determine whether there are conflicts of interest among the class members that require their cases be separated.

Court documents say 41.9 million Target customers in the lawsuit class had credit card information stolen and 60 million had personal information stolen.

Advertisement

Vincent Esades, an attorney for Target customers, acknowledged when questioned by an appeals court judge that 99 percent of the customers in the class-action case will get no money from the settlement.

Olson’s attorney, Melissa Holyoak, said it’s important the court “recognizes that the District Court cannot rubber-stamp settlements where class counsel cuts corners on procedural fairness so they can get paid quickly and generously.”

Target also is required in the settlement to appoint a chief information security officer, keep a written information security program and offer security training to its workers.

Esades and Target attorney David McDowell didn’t immediately respond to messages seeking comment on the ruling.


Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.

Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.