Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

District Court: Approval of data breach settlement denied due to several deficiencies

Courts Class Action Settlement Data Breach

Courts

On January 28, the U.S. District Court for the Northern District of California denied preliminary approval of a proposed class action settlement after identifying several deficiencies with the deal. The proposed settlement was intended to resolve allegations concerning security failures by a global internet company, which led to three data breaches between 2013 and 2016 that exposed consumers’ personal information (previously covered by InfoBytes here). The proposed settlement would have required the internet company to (i) establish a $50 million settlement fund; (ii) pay additional attorneys’ fees of up to $35 million; (iii) pay costs and expenses of up to $2.5 million, as well as service awards of up to $7,500 for each class representative; (iv) provide customers with two years of credit monitoring and identity theft protection services; and (v) improve its data security. However, the court stated that the proposed settlement agreement, among other things, inadequately disclosed the sizes of the settlement fund and class, as well as the scope of non-monetary relief, and “appears likely to result in an improper reverter of attorneys’ fees.” Moreover, the court held that the proposed agreement provided insufficient detail about how much the settlement would cost the defendant in total, and did not disclose the costs of credit monitoring or how much the defendant would budget for data security, thus preventing class members from assessing the reasonableness of the settlement or the attorneys’ fee request—which the court indicated seem “unreasonably high.” The court also noted that “[t]he parties’ lack of disclosure also inhibits the court's ability to assess the reasonableness of the settlement.”