Three years after it reported a data breach that compromised customer data at its stores, retailer Eddie Bauer may end up paying about $10 million in a proposed settlement with Waterloo, Iowa-based Veridian Credit Union and other affected financial institutions, according to court documents.
Under the settlement agreement, which still awaits court approval, the retailer would pay up to $2.8 million for claims related to compromised cards. It would also pay up to $2 million for settlement administration and attorneys’ fees, as well as $5 million in injunctive relief, which includes the cost of implementing and maintaining an information security program that complies with Payment Card Industry Data Security Standard.
“Eddie Bauer denies all material allegations of the complaint,” the proposed agreement noted. “Eddie Bauer specifically disputes that it is liable in any way for the third-party criminal cyber-attack and that plaintiff and putative class members are entitled to any relief from Eddie Bauer. Nevertheless, given the risks, uncertainties, burden and expense of continued litigation, which is in addition to assessments from payment card brands, Eddie Bauer has agreed to settle the litigation on the terms as set forth in this settlement, subject to court approval.”
continue reading »