By Charles Riley and Jose Pagliery
HONG KONG (CNNMoney) — Target will pay customers who suffered from a 2013 data breach up to $10,000 each in damages.
On Thursday, a federal judge in St. Paul, Minnesota approved a $10 million offer by Target to settle a class action lawsuit, according to an attorney representing those who were hacked.
But don’t get excited. It’s unlikely anyone will actually receive $10,000.
Under the terms of the settlement, Target customers who can prove they were damaged by the data breach will get the first shot at the $10 million. For example, victims will be reimbursed for unauthorized credit card charges, bank fees or costs related to replacement IDs — so long as they are documented.
There was rampant card fraud after the Target hack. But in reality, banks typically reimburse customers 100% in cases of card fraud.
The more likely scenario? Target will reimburse victims for “lost time,” as it says in court papers. That might include the time victims spent getting cards replaced and calling their bank — and even then, only when it was documented.
A victim’s time is valued at $10 per hour. And at most, they can get reimbursed for two hours for dealing with each instance of “substantiated loss.”
After those claims are paid, any remaining settlement funds will be evenly distributed to class members without documentation. The settlement applies to the 40 million people whose debit and credit card data were exposed during the Target hack. If all 40 million were to join the class and no one were to claim any actual damages, the most each person would get is 25 cents.
In addition, Target is required to improve its data security, including the designation of a chief information security officer. The company must also provide security training to its employees.
The data breach at Target, which took place during the height of the 2013 holiday shopping season, was one of the largest in U.S. corporate history.
Aside from the 40 million whose financial data was exposed, as many as 70 million customers had information such as their name, address, phone number and e-mail address hacked in the breach.
After the data breach was discovered, Target offered one year of free credit monitoring and identity theft protection to all customers who shopped in U.S. stores.
Target declined to comment.
The attorneys who sued Target come out best in this deal, though. The settlement will pay them a separate $6.75 million in fees.