11th Circuit Upholds Historic $380 Million Equifax Data-Breach Settlement – Courthouse News Service
Objectors to the settlement argued to no avail that a court order approving the settlement was drafted in secret and kept out of view until it was finalized by a federal court in Georgia.
(CN) — A three-judge panel for the 11th Circuit on Thursday upheld the largest-ever U.S. class action settlement over a consumer data breach, rejecting a bevy of challenges to the $380 million deal.
Finalized in January 2020, the settlement compensates U.S. consumers whose personal information was exposed in a cyberattack on the credit bureau Equifax. The breach compromised an estimated 147 million people’s data, including social security numbers and addresses.
The deal is supposed to provide up to $20,000 per person for out-of-pocket losses linked to the breach. Other benefits for affected consumers include credit monitoring, identity protection services, as well as reimbursement for time spent addressing identity theft concerns.
An extended claims submission period is scheduled to last through January 22, 2024.
Penned by U.S. Circuit Judge Beverly Martin, a Barack Obama appointee, the 11th Circuit’s decision rejected an appeal challenging the landmark settlement’s approval in federal court in Georgia. Martin noted that the settlement had a high participation rate and that less than 400 people out of the 147-million-person class filed objections.
Among the objectors was tort reform attorney Ted Frank, founder of the Center for Class Action Fairness, who argued the case before the 11th Circuit alongside a handful of other appellants.
Frank said that the federal judge who signed off on the settlement allowed class counsel to “ghost write” the settlement approval order. He argued the sprawling legal document was not made available for review until the judge made the settlement final.
It was a “fundamentally unfair process” that warrants tossing the settlement out, Frank argued.
Unpersuaded, Martin wrote that Frank and other settlement objectors had their chance to challenge the process when the federal judge discussed in open court how he would delegate the writing of the order.
Martin noted that the judge fielded Frank’s objections during a fairness hearing and at one point amended the approval order at the behest of another challenger to the settlement — evidence that the process was handled with care.
“There is also no question the District Court was an active arbiter of this litigation and had great command of the proceedings,” wrote Martin.
Martin nonetheless noted that “judicial ghostwriting remains most unwelcome in this circuit.” She urged the federal court in Georgia to reconsider a local rule under which judges’ oral orders are prepared in writing by an attorney for the prevailing party.
In a phone interview following the 11th Circuit decision, Frank said that he plans to seek a rehearing of the case in front of an en banc 11th Circuit.
“There’s nothing wrong with delegating a proposed order. What you can’t do is fail to share it and fail to give an opportunity to respond,” Frank said. “And it’s one thing to delegate a proposed order that is a ministerial two-page order. But this was a 122-page order that contradicts what the district court said at an oral hearing and appeal-proofed it.”
He said the settlement approval should not have been “done through a secret process.”
In a brief to the 11th Circuit, Frank and fellow objector David Watkins further contended that plaintiffs should have been broken up into subgroups to account for the fact that some of them lived in states where consumer protection laws provided for additional damages against Equifax. Plaintiffs with these additional damage claims should have had their own counsel to fight for a larger share of settlement proceeds, the brief contended.
Martin rejected the argument in the Thursday opinion.
According to Martin, Frank failed to show the kind of fundamental conflict between plaintiffs that would warrant breaking them up into subclasses. She wrote that evidence was lacking that the two local consumer protection laws Frank cited would apply to the Equifax data breach.
“In fact, Mr. Frank doesn’t cite a single case in which a plaintiff recovered statutory damages under either statute in a data breach case,” Martin wrote.
Martin was joined on the appellate panel by U.S. Circuit Judges Andrew Brasher and Britt Grant, both Donald Trump appointees.
In a separate class action concerning a corporate data breach, the 11th Circuit in February found that the plaintiffs failed to show an imminent threat of identity theft and therefore lacked standing to bring a claim. In that case, Tsao v. Captiva MVP Rest. Partners, the plaintiffs did not allege an actual identity theft; they instead sought damages based on an increased risk of becoming victims of such crimes as a result of the breach.
Martin distinguished the Equifax case by pointing to how sensitive the exposed personal data was. She also noted that several plaintiffs claimed they had already been victims of identity theft linked to the Equifax cyberattack.
“Given the colossal amount of sensitive data stolen, including Social Security numbers, names, and dates of birth, and the unequivocal damage that can be done with this type of data, we have no hesitation in holding that Plaintiffs adequately alleged that they face a ‘material’ and ‘substantial’ risk of identity theft that satisfies the concreteness and actual-or-imminent elements,” she wrote.
Though the appellate panel upheld the Equifax settlement approval, it is sending the case back to the federal court for the limited purposed of vacating incentive awards granted to class counsel. Recently established case law prohibits the extra compensation, Martin wrote.