Class settles data breach claims over compromised payment card data
On February 26, the U.S. District Court for the Middle District of Florida granted final approval and class certification, following a final approval hearing, to a settlement resolving class action allegations concerning a data breach involving an international fast-food chain. According to the amended motion for final approval, the data breach occurred in 2016 and involved third-party malware installation on certain franchises’ point of sale systems, which targeted and compromised customer payment card related data. The class ultimately asserted the following claims—breach of implied contract, negligence, and violations of several state consumer laws—and requested reimbursement for (i) costs associated with time spent addressing identity theft or fraud; (ii) losses caused by restricted access to funds; (iii) costs associated with credit reports and credit monitoring; (iv) bank and payment card fees; (v) unauthorized charges; and (vi) documented time spent dealing with the repercussions of the data breach. Under the terms of the settlement, the fast-food chain will pay up to $5,000 per eligible class member as reimbursement for documented out-of-pocket expenses, and up to $15 an hour for up to two hours of undocumented time spent dealing with the repercussions of the data breach. The court also approved $1.02 million in attorneys’ fees and approximately $139,000 in costs to class counsel.