The wheels of justice move slow, but they move nonetheless.
Customers of the Target Corporation, the retail company that experienced a massive data security breach during the 2013 holiday season, can finally expect to some retribution. Information from nearly 40 million credit cards were stolen from the company due to lax security controls, which also resulted in email addresses and phone numbers being pilfered for almost 100 million customers. In May of 2014, Target's CEO, Gregg Steinhafel, stepped down.
Reuters is reporting today that the company has agreed to pay $10 million to settle a class-action lawsuit. The settlement is still awaiting federal court approval, but if accepted will entail Target depositing the funds into an interest bearing escrow account. Individuals victimized by the loss of personal information could expect up to $10,000 in damages.
Additionally, the report states that the proposal would require that Target to adopt better security measures, including hiring some to the chief information security role and keeping its revamped security program in written form.
Target originally tried to block the lawsuit, suggesting that consumers would never be able to prove actual injury, but the U.S. courts ruled against it.
It's still not clear how customers will be able to request compensation, but you can bet Target will make it as difficult as possible.
In my town, Target has since closed its doors completely, assumedly due to financial damage but assuredly due to the loss in customer trust. The store was a staple here. It's taken over a year and U.S. court involvement to see any action.
There are a couple lingering issues in today's report that I'd like clarity on. First off, why does it take a court ruling to improve security after such as massively irresponsible action? And, secondly, who benefits from the interest in the escrow account? Is this Target's way of making more money off customer woes, or intended to help fill out the full $10 million - eventually?