Law professor Eric Goldman, who's spoken out about the broken class action system in the past, has another ridiculous example, this time involving Heartland Payment Systems. You may recall Heartland as being the company that had the largest security breach ever (at the time), losing data on over 100 million credit cards. A class action lawsuit (of course) followed, and Heartland agreed to pay up to anyone who could show that they were a victim of fraud from the loss. The company didn't have cardholder addresses, so it spent $1.5 million to advertise the settlement, and estimated that over 80% of the potential class saw an ad at least 2.5 times. Either way, not too many claims came in. A total of 290 claims were made, but only 11 were found to be valid.
Heartland had to pay a maximum of $175 to those individuals. Assuming it did pay the maximum, that means the "victims" of the breach got a grand total of $1925 (perhaps less). According to the settlement agreement, Heartland was supposed to pay out at least $1 million to victims (and up to $2.4 million). If less than $1 million worth of victims were found, the rest would go to non-profit organizations focused on protecting consumer privacy rights. That leaves $998,075 for those non-profits.
So, let's summarize:
And, of course, Heartland also ended up paying its own lawyers a ton. In the end, this system involved Heartland paying many millions of dollars... to benefit a "class" of 11 people and giving them less than $2,000.
- Actual victims got: $1,925
- Heartland spent $1.5 million to find the people to give out that $1,925.
- Somewhere around $998,075 goes to non-profits
- The lawyers who brought the lawsuit? They got $606,192.50. For helping 11 people get less than $200 each.
02 May 2012
Dissecting a class action lawsuit
A column at TechDirt crunches the numbers: