Judge backs Target's $10M data breach settlement plan

Shoppers at Target in Minneapolis
Shoppers at the Target store in downtown Minneapolis on Aug. 9, 2006.
Jim Mone | AP 2006

Updated: 12:50 p.m. | Posted 6:07 a.m.

A Minnesota judge has endorsed a settlement in which Target Corp. will pay $10 million to settle a class-action lawsuit over a massive data breach in 2013.

U.S. District Judge Paul Magnuson said at a hearing Thursday in St. Paul that he would grant preliminary approval of the settlement in a written order later in the day.

Grow the Future of Public Media

MPR's budget year comes to a close on June 30. Help us close the gap by becoming a Sustainer today. When you make a recurring monthly gift, your gift will be matched by the MPR Member Fund for a whole year!

The move will allow people to begin filing claims ahead of another hearing for final approval.

People affected by the breach can file for up to $10,000 with proof of their losses, including lost time dealing with the problem. "Target really needs to be commended for being willing to step up," Magnuson said.

In late 2013, hackers grabbed payment card and personal information for tens of millions of people who shopped at Target. The settlement would compensate consumers who suffered unauthorized charges on their credit cards or were otherwise harmed by the breach.

Target estimates 100 million customers suffered some loss of personal or payment card information.

The company offered free credit monitoring for affected customers and overhauled its security systems. Only about 4 million customers took up the offer.

Target payment
A customer prepares to sign a credit card slip at a Target store on Dec. 19, 2013, in Miami.
Joe Raedle | Getty Images 2013

The proposed settlement would also require Minneapolis-based Target Corp. to appoint a chief information security officer, keep a written information security program and offer security training to its workers. It would be required to maintain a process to monitor for data security events and respond to such events deemed to present a threat.

"We are pleased to see the process moving forward and look forward to its resolution," Target spokeswoman Molly Snyder said in an emailed statement.

The company said in court documents filed in Minnesota that the funds for reimbursements will be kept in an interest bearing escrow account. Claims will mostly be submitted and processed online through a dedicated website.

The chain has worked hard to lure back customers that were hesitant to shop there after the incident. Over the 2014 holiday season, Target offered free shipping on all items. It recently announced that it was cutting its minimum online purchase to qualify for free shipping in half to $25. And on Wednesday the retailer said it will now allow returns for up to a year for its private and exclusive brands.

Target's bounce back from a turbulent stretch including the data breach and exit from Canada has been met with optimism on Wall Street. The retailer's stock traded above $80 for the first time Monday, reaching another in a string of all-time highs that it began to log just before the crucial holiday shopping season began in December.

Earlier this month, Target said it would lay off about 1,700 people, eliminate another 1,400 unfilled positions and cut up to $2 billion in costs. It will also focus more on technology to boost online sales growth. The latter move will involve about $1 billion aimed at beefing up business from shoppers who are more likely to shop online.

Still unresolved are class action lawsuits brought against Target by banks and credit unions seeking to recover the cost of replacing credit and debit cards and other expenses associated with the data breach.

MPR News reporter Martin Moylan contributed to this report.