Target Corp. agreed to settle with more than 100 million customers whose personal information may have been breached in a database hack in 2013, among the biggest to hobble retailers and banks in recent years.
Others victimized by cyber assaults include global companies such as JPMorgan Chase & Co., Home Depot Inc. and Sony Corp.
Lawsuits against Target multiplied in the weeks following its disclosures in December 2013 and January 2014 that credit- and debit-card data for 40 million customers was stolen and that home and e-mail addresses for as many as 70 million people were compromised. The suits were consolidated before a judge in St. Paul, Minnesota, who must approve the current settlement creating a $10 million fund to compensate victims.
"The settlement provides for a consumer-friendly process" whereby as many as 110 million customers affected will submit claims online to a settlement administrator, class-action plaintiffs' lawyer Vincent Esades said in the filing.
Target said customers were reimbursed for fraudulent charges by the card issuers, but shoppers contended they were subjected to account freezes, late payment fees and other costs.
Claims, to a maximum of $10,000, may include two hours of lost time at $10 per hour for the inconvenience of dealing with unauthorized charges and driver's license replacement. Customers may make additional claims.
The agreement includes the appointment of a corporate chief information security officer and enhancements to risk-assessment and employee security training.
Target shares fell 0.4 percent to $80.71 at 9:40 a.m. in New York.
Plaintiffs' lawyers may ask for a fee award of as much as $6.75 million, also to be paid by the company, court papers show.
The case is In re: Target Corp Customer Data Security Breach Litigation, 14-md-2522, U.S. District Court, District of Minnesota (Minneapolis).