Neiman Marcus to settle long-running data breach litigation for $1.6m?
Neiman Marcus has agreed to pay $1.6 million to resolve a data breach class action in Illinois federal court over a December 2013 cyber intrusion that revealed the credit card data of 350,000 shoppers of the luxury retailer, according to a court document filed Friday.
Read more on Law360 if you have a subscription. If you don’t have a subscription, don’t worry – I imagine other news outlets will also cover the settlement.
Past coverage of the breach and litigation on this site are linked from here. The case may best be remembered for the Seventh Circuit’s reversal of the district court’s dismissal of the lawsuit for lack of standing. Following that someone stunning reversal, the retailer failed to get the appeal reheard en banc, and then suffered a second loss back in district court when it also failed to get the case dismissed for failure to demonstrate negligence on their part.
I doubt most lawyers would have suggested that the retailer settle the suit when it was first filed, as most of these lawsuits that do not allege concrete injury actually did/do get dismissed for lack of standing. So Neiman Marcus chose not to settle at the outset, and….. I wonder how much this litigation has cost them by now? And what’s the value of the bad press of keeping their name in headlines associated with customer complaints? With the benefit of hindsight, would they fight this all again?