Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

District Court grants preliminary approval of class action settlement against national convenience store chain

Courts Data Breach Privacy/Cyber Risk & Data Security Class Action

Courts

On July 30, the U.S. District Court for the Eastern District of Pennsylvania granted preliminary approval of a settlement in a class action against a national convenience store chain (defendant) for a 2019 data security incident that allegedly compromised consumers’ credit and debit card information. As previously covered by InfoBytes, class members—comprised of a nationwide group of consumers whose information was allegedly compromised in the data security incident—claimed that “despite the foreseeability of a data breach” the defendant, among other things, “failed to implement adequate measures to protect the sensitive, non-public payment card information entrusted to it by its customers.” In May, the court ruled that the defendant must face certain claims filed by a group of financial institutions (covered by InfoBytes here). Under the terms of the preliminarily approved settlement, the defendant must provide monetary relief to class members totaling approximately $9 million, plus $3.2 million for attorneys’ fees and expenses and class representative service awards, in addition to requiring the defendant to take additional measures for a period of two years to prevent future unauthorized intrusions. The settlement includes three tiers of customers, who will receive gift cards for either $5 or $15, or $500 in cash, depending on the level of their injury caused by the data breach.