Last month, a Tennessee Federal court ordered Mapco Express, Inc. (“Mapco”) to pay approximately $1.9 million to settle class action claims arising from a 2013 data breach of its retail computer systems. The lawsuit was brought in 2014 by Winsouth Credit Union and First National Community bank and alleged that Mapco failed to adequately protect consumer financial information at its retail locations.
The settlement requires Mapco to pay $700,000 into a consumer settlement fund in addition to the $1.2 million that the company has paid to Visa and MasterCard, in furtherance of payouts associated with their data breach recovery procedures, while also certifying a class of the two companies’ card holders.
Takeaway: Federal courts are not shying away from awarding large settlements against companies who expose consumer data to potential breaches. Entities who handle large quantities of consumer financial information should ensure that adequate security measures are in place to prevent breaches as well as clear data breach response plans.