Despite the several dozen class-action-styled lawsuits filed against retailer Target following the discovery in late 2013 that hackers had stolen millions of customers’ credit- and debit-card numbers and contact information, it was a certainty that one line was never going to be spoken in any courtroom: “Ladies and gentlemen of the jury … .” That the Target class actions would be resolved by settlement was as predictable as the outcome of an NCAA basketball tournament game between a No. 1 and a No. 16 seed.

So it could not have come as a surprise to anyone when, on March 19, just a little more than a year after the first data-breach lawsuits were filed, the announcement came from a Minnesota federal court: Target would be filling up a shopping cart with cash to put the matter behind it. The settlement, albeit subject to final approval in November, looks like this: Target will put $10 million into a fund to be used to pay its affected customers — or “guests,” as it prefers to call them. The court will be asked to approve $6.75 million in attorney’s fees on top of that. Target will also be saddled with several million dollars in administrative costs. In an Associated Press story, Vincent Esades, the lead counsel for the plaintiffs, said Target’s total settlement costs could reach $25 million.

The settlement calls for two types of recoveries. Those able to prove that they actually suffered financial losses, on account of their personal or financial information being compromised, can recover up to $10,000. Such losses could be for, among other things, unauthorized credit- or debit-card charges that were unreimbursed (for example, if a bank somehow did not remove an unauthorized charge); the time spent addressing such charges (up to two hours at $10 per hour); hiring someone to help correct credit reports; higher interest rates; purchasing credit monitor services, and so on. Surely, there are people out there in this category — but not many (especially if the claims are carefully scrutinized).

However, the vast majority of those eligible to make a claim will not have documentation that they suffered any of these types of losses. Because they didn’t. The good news is that, despite how serious the data-breach issue is portrayed, most people suffer no quantifiable losses on account of one. With no evidence of losses, those in this group will be able to sign a form stating that they used a credit or debit card at Target during the three-week data-breach period, then will be entitled to a recovery. Presto!

Payments from the $10 million fund will first be made to those who can prove that they actually suffered financial losses. Then, all of those people in the just-sign-your-name category will share equally what’s left. The more people who make claims, the less each claimant will receive. So don’t tell your friends.

One hundred million people could be eligible for the settlement. If 100 million people make claims, then each one will receive 10 cents. Bazooka Joe will be happy about that. In reality, based on statistics in other cases, just a few percent of the class members will make claims. Although, perhaps in this case, more will do so than usual, given how high profile it has been. In any event, each claimant with a nondocumented loss probably will receive about enough for somewhere between a latte and a pepperoni pizza. That’s more than they deserve, but there is only so much that can be done to prevent such an unjustified payment in a settlement like this.

The real problem with the Target settlement is not that it achieved no benefit. It did. People who can prove that they actually suffered financial losses, on account of their personal or financial information being compromised, have been provided with a simple means to recover up to $10,000. That seems fair. It’s hard to begrudge them. But achieving this worthwhile objective — for so few — will come at an enormous price: two years of litigation and the payment of nearly $7 million in legal fees, not to mention millions spent by Target on lawyers, millions of dollars in administrative costs and a boatload of money doled out to people who unquestionably suffered no losses whatsoever. Surely there was an easier and less expensive way to arrive at this outcome. This data suffers from a breach — one of common sense.


Randy Maniloff is an insurance lawyer at White and Williams LLP in Philadelphia. He runs the website