In re Heartland Payment Systems, Inc. Customer Data Security Breach Litigation
851 F. Supp. 2d 1040
S.D. Tex.2012Background
- This is a nationwide consumer class action certified under Rule 23(b)(3) for settlement, involving over 100 million payment-card holders.
- Heartland Payment Systems disclosed a data breach affecting payment-card data; lawsuits were consolidated in MDL in this court.
- The Consumer Plaintiffs alleged negligence, breach of contract, state-law claims, and FCRA violations; Financial Institutions filed related actions.
- An initial December 2009 settlement agreement was reached; final class certification for settlement occurred in 2010 after notice and hearings.
- Eleven valid claims were filed for losses; cy pres distributions to three privacy/security nonprofits were planned if funds were unclaimed.
- The court granted final approval of the settlement, approved a fee award of $606,192.50 and costs of $35,000, and denied incentive payments.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether the settlement class was properly certified for settlement purposes | Consumer Plaintiffs contend Rule 23(a)/(b) prerequisites are satisfied | Heartland did not oppose the certification outcome but did not dispute the merits | Yes, the court certified the settlement class under Rule 23 for settlement. |
| Whether the settlement is fair, reasonable, and adequate under Rule 23(e) | Settlement provides direct and cy pres relief, with a strong notice program | Court should scrutinize the value of non-monetary benefits and potential lack of direct class relief | The settlement is fair, reasonable, and adequate under Rule 23(e) after Reed factors analysis. |
| Whether cy pres distributions are appropriate and properly discounted in valuing benefits for fee purposes | Cy pres approximates class interests and is necessary when direct recovery is impractical | Cy pres should be carefully weighed against direct benefits to class members | Cy pres distributions are appropriate, with a 50% discount applied to value the indirect benefit in calculating fees. |
| Whether attorneys’ fees and costs are reasonable | Fees were justified as compensation for work creating a fund benefiting the class | Fees should be closely scrutinized to avoid windfall given limited direct class recoveries | Attorneys’ fees of $606,192.50 and costs of $35,000 approved after cross-check of lodestar and Johnson factors. |
| Whether incentive awards to representatives were warranted | Representative plaintiffs justified for time and effort | No objection; awards would align with typical practice | Incentive awards denied due to lack of record showing representative involvement or time spent. |
Key Cases Cited
- Amchem Prods., Inc. v. Windsor, 521 U.S. 591 (U.S. 1997) (settlement class must satisfy Rule 23 to avoid merits-inquiry substitution)
- Wal-Mart Stores, Inc. v. Visa U.S.A., Inc., 396 F.3d 96 (2d Cir. 2005) (settlement notice must satisfy due-process standards; not rigid rules)
- Sullivan v. DB Invs., Inc., 667 F.3d 273 (3d Cir. 2011) (commonality/predominance in multistate settlement classes; central issue suffices)
- Cole v. Gen. Motors Corp., 484 F.3d 717 (5th Cir. 2007) (state-law variations may preclude predominance in litigation-class; not ruinous for settlement class)
- In re TJX Companies Retail Security Breach Litig., 246 F.R.D. 389 (D. Mass. 2007) (fee reasonableness considerations in data-breach settlements; cautionary precedent)
- Reed v. General Motors Corp., 703 F.2d 170 (5th Cir. 1983) (Reed factors govern fairness/adequacy analysis of settlements)
- In re Countrywide Fin. Corp. Customer Data Security Breach Litig., No. 3:08-MD-01998, 2010 WL 3341200 (W.D. Ky. 2010) (data breach settlements and fee considerations in similar actions)
- Dell, 669 F.3d 642 (5th Cir. 2012) (permissible use of blended (percentage + lodestar) approach in common-fund fees)