For Target, the $10 million settlement would have closed the door on one of the biggest data-breach cases of the time.
The company had already agreed to pay banks with MasterCard $39 million and Visa $67 million. Even the consumer class action -- representing up to 110 million Target customers -- had been approved. But then this happened.
One person objected, and an appeals court agreed with him. The settlement, based on the data-breach of 2013, will be on hold for now.
A Class of Zero
The U.S. Eighth Circuit Court of Appeals said the trial judge made a mistake. He should have considered whether another group of customers -- people who did not actually lose anything -- may proceed against Target for potential future losses.
If you are scratching your head right now, just think what the Target lawyers are doing -- probably pulling out the remaining hair on their heads. In the meantime, the trial judge will have to rethink how to deal with Leif Olson's complaint.
Olson, one of two people who objected to the settlement, challenged the judge's decision against him as a representative for a separate subclass. The judge said, basically, that he was late to the party.
On appeal, Olson argued that he represented a "zero-recovery subclass" of people who suffered no losses due to the data-breach but who were asked to waive their rights to litigation by the class action settlement. He said no plaintiffs belonged to the subclass and that the court should certify a separate class with independent counsel.
Try, Cry Again
In an opinion that had to hurt, the court of appeals made no decision about the settlement but said the judge didn't do his job in rejecting a subclass. The appeals panel said there was barely enough in the record to review the judge's reasoning.
"The lack of legal analysis in both the preliminary and final orders suggests that class certification was the product of summary conclusion rather than rigor," Judge Bobby Shepherd wrote for the court. "We hold that the district court abused its discretion by failing to rigorously analyze the propriety of certification, especially once new arguments challenging the adequacy of representation were raised after preliminary certification."
According to observers, data-breach cases are difficult to settle because it's hard to prove damages. But you gotta feel sorry for Target executives because they've tried to settle even with people who have no damages.
- Appeals Court Blocks Target Data Breach Settlement (Law.com)
- Lawyers Are Looking for Ex-Twitter Employees, Via Facebook Ads (FindLaw's Technologist)
- Uber Settlement Is Not Good Enough, Judge Chen Rules (FindLaw's Technologist)