A recent Law 360 story by Joyce Hanson, “Chipotle Customers Want $1.2M Atty Fees in Data Breach Suit,” reports that customers in a class action suit over a 2017 Chipotle data breach that exposed their names and payment card numbers to hackers asked a Colorado federal judge for $1.2 million in attorney fees, saying a mediator proposed that figure as the parties were settling.
The Chipotle Mexican Grill Inc. customers' unopposed motion calls for fees of $1,165,782 after about $34,000 in expenses are deducted, based on class counsel's 2,406 hours of investigation, prosecution and litigation settlement, according to a brief filed. Also under the fee proposal, six class representatives led by Todd Gordon and five other plaintiffs will each receive an incentive award of $2,500.
Settlement class members would be eligible for out-of-pocket reimbursement of up to $250, including an automatic payment for each affected card, payment for customers' time spent dealing with fraud issues and reimbursement for credit monitoring and identity theft insurance, the brief said. In addition, class members who suffered other "extraordinary" unreimbursed monetary losses because of compromised information can make a claim for reimbursement of up to $10,000, according to the proposed settlement.
"Without these individuals' investment of time, and their courage to step forward and vindicate the class' rights against a large institution, the class would not have obtained the substantial relief offered by the settlement," the customers said.
Chipotle revealed in April 2017 that it had detected a data security breach in its electronic processing and transmission of confidential customer and employee information. The burrito chain acknowledged at the time that it may be subject to lawsuits because of the breach that reportedly affected transactions from March 24 through April 18 of that year.
Financial institutions that sued over the breach told the court in March that the parties had reached a confidential settlement agreement. On June 19, U.S. District Judge Christine M. Arguello granted the customers' June 13 unopposed motion for preliminary approval of the settlement, conditionally certifying the class.
Bennett G. Picker of Stradley Ronon Stevens & Young LLP served as a private mediator after the customers sent their settlement demand to Chipotle in November 2018, according to the brief. The parties first held several phone calls with Picker before sitting down with him in a full-day mediation session in Florida, the customers said.
After agreeing on the data breach settlement's material terms, the parties turned to the question of attorney fees and costs, according to the brief. When they reached an impasse and couldn't agree despite significant negotiation, Picker submitted a mediator's proposal that both sides finally accepted, the brief said.
The customers said the requested fee award is consistent with attorney fees approved in the court and in other data breach settlements. Class counsel's lodestar of $1.44 million through Oct. 31 represents a 0.83 negative multiplier, which "supports the reasonableness of the fee requested," the customers said.