A recent Law 360 story by Matthew Santoni, “Attorneys Seek $15M From Wendy’s Data Breach Settlement,” reports that attorneys from Carlson Lynch and Scott & Scott want to take home $15 million in fees from a proposed $50 million settlement with Wendy’s over a 2016 data breach, asking a Pennsylvania federal court for final approval of the settlement and fee award.
Carlson Lynch LLP and Scott & Scott Attorneys at Law LLP, the class counsel for 18 financial institutions and five associations of credit unions, asked the U.S. District Court in Pittsburgh to approve awarding the firms 30% of the settlement fund, plus nearly $350,000 in expenses and a total of $120,000 in service awards for the lead plaintiffs in the case, according to a filing. “The settlement is an excellent result in a complex, high-risk, hard-fought case that provides a substantial financial recovery for payment card issuers that suffered losses as a result of the data breach,” the memorandum supporting the motion for fees said.
Led by First Choice Federal Credit Union, the financial institutions accused Wendy’s of mishandling customers’ payment card information in a way that allowed hackers to steal card numbers and make millions of fraudulent transactions. The institutions sued Wendy’s in 2016, seeking to recover their expenses from reimbursing cardholders for the fraudulent transactions.
U.S. Magistrate Judge Maureen Kelly gave her preliminary approval to the settlement in February. The law firms said they spent more than 22,000 hours on the case, including reviewing millions of pages of documents, deposing Wendy’s representatives and defending 16 full days of depositions for the various financial institutions and associations.
At rates ranging from $300 to $950 per hour, that time would have added up to a lodestar of about $11.5 million. The firms argued that taking 30% of the overall fund, or about 1.3 times the lodestar amount, was reasonable given the hard-fought nature of the case and the risk that Wendy’s could have won and the firms could have gotten nothing from their contingency agreements.
“There is no question that during the more than two-and-a-half years of litigation, plaintiffs faced, and plaintiffs’ counsel resisted, vociferous defenses to liability and damages,” the memo said. “Wendy’s continues to vehemently deny liability and there is no assurance that plaintiffs would have prevailed at class certification or summary judgment. ... Data breach litigation faces significant legal hurdles related to, inter alia, causation and damages. The fact that the breached locations were franchisees of Wendy’s also could have been a substantial obstacle in proving liability.”
With as many as 18 million payment cards compromised, the financial institutions would be recovering between $4.41 and $5.10 per card, depending on how many cardholders make claims, the firms said.
“This relief compares favorably with settlements negotiated by financial institution plaintiffs in the Target and Home Depot data breach class actions. Those settlements — both of which received final approval — provided financial institutions with $1.50 and $2.00 fixed per-card recovery, respectively,” the memo said. Fifteen financial institutions that had employees give depositions during the case will get service awards of $7,500 each, while the three that were not deposed will get $2,500 each, the fee proposal said.