Credit: Brian Turner, CC BY 2.0, via Wikimedia Commons
Sensitive data pertaining to millions of people was compromised in the data breach at the U.S. Office of Personnel Management. I suspect that millions of those people smiled when they heard about the filing of a class-action lawsuit filed against the OPM. They would like some recompense for the incredible hassle that data breach caused them. And they probably want to see the OPM pay for its mistakes. Unfortunately, those smiles are probably about all they will get out of the lawsuit.
Although class-action lawsuits can result in some seemingly very large settlements, the members of the classes in question hardly ever see much money from them. Such lawsuits are essentially a transfer of wealth from the defendant to the attorneys filing the lawsuit. That sounds like cynicism, but it's realism. Because class actions are fairly common and can cover enormous classes of people, you've probably qualified for a payout from at least one of them in the past year. When you looked into it, did it seem worth your time to qualify? If you did bother to be established as a member of the wronged class, did you get any significant amount of money as a result? I seriously doubt it.
Let's take the Target class-action lawsuit as an example. Supposedly, more than 100 million people had their credit cards and personal information compromised in that breach. The credit cards were abused and had to be canceled. People had to contest charges made to their accounts. Naturally, some outraged lawyers decided something had to be done about that and filed a class-action lawsuit. (I'm kidding, of course; if the lawyers were outraged, it was at the possibility of being shut out when Target had to pay up, since other class-action attorneys were fighting to file the cases first and claim their share of the money.)
According to the terms of the Target settlement, $10 million was to be set aside to pay damages to the affected individuals. Does that sound like a lot of money? Not when it's shared out over 100 million people. It amounts to less than 10 cents per victim. Let's say that the number of victims was badly exaggerated, though. Cut it in half, to 50 million, and you're up to 20 cents per victim. Or let's say that only 10 percent of the victims seek compensation through the lawsuit. Hey, now you're talking real money: $1 per victim. If your only cost in filing your claim was postage, you're ahead, right?
In any case, each member of the Target breach class can be reimbursed for up to $10,000 in damages. In other words, at best you might be made whole, but you can't get anything beyond the compensation; there are no punitive damages. And to claim that money, you have to prove damages with the appropriate paperwork. Your time and aggravation are not reimbursable.
Sign up for Computerworld eNewsletters.