Victims will need to fill out a claim form covering whether they used a credit or debit card at a Target store in the U.S. between 27 November and 18 December 2013 and whether they have reason to believe that their information was compromised as a result of doing so.
The fund gives effect to a settlement in a class-action lawsuit.
The settlement requires Target to -
- maintain a “written information security program” that it monitors and evaluates with metrics,
- establish a process for responding to security risks, and
- create a formal program to train Target employees on data security.
- unauthorized/unreimbursed charges,
- fees for hiring someone to correct a credit report,
- late and declined payment fees,
- costs for monitoring accounts or replacing important documents post-breach,
- up to two hours of “lost time” (billable at $10 per hour).
The New York Times states
The retailer estimated recently that it had already accrued $252 million in expenses related to the data breach as of the end of January, a figure it said would be partly offset by an expected $90 million in insurance payouts. That estimate was based on the prospect of settling many lawsuits, Target said.
Target faces further claims from three of the four major credit card companies, and is likely to face action from the fourth, it said in an annual filing on March 13. State and federal agencies, including the state attorneys general, the Federal Trade Commission and the Securities and Exchange Commission, are also investigating the breach, and may seek to impose fines and other penalties, according to Target.
