IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF PENNSYLVANIA : CIVIL ACTION
IN RE WAWA, INC. This document applies DATA SECURITY LITIGATION : to the Financial Institutions Track.
No. 19-6019 ; and all related cases.
MEMORANDUM PRATTER, J. OCTOBER py 2023
Spanning over more than a year, Wawa and the Financial Institutions engaged in settlement negotiations where each party spiritedly advocated for its stated position, But like the Rolling Stones taught us decades ago, “you can’t always get what you want,” and by embracing that mantra, the parties compromised and found that they could “get what they need.”! The parties reached an agreement after an arm’s-length negotiation capably overseen by Judge Diane Welsh, with an ultimate settlement that is “fair, reasonable, and adequate” that should effectively distribute compensation to the class members. For those reasons, the Court grants preliminary approval to the settlement agreement. BACKGROUND In Mareh 2019, hackers gained access to Wawa’s point-of sale (“POS”) systems and installed malware allowing them to steal payment card data for nine months. The financial data, which included credit and debit card numbers, card expiration dates, and cardholder names, was
' The Rolling Stones, You Can’t Ahvays Get What You Want, on Let li Bleed (Decca Records 1968).
posted on the “dark web.” First Choice Federal Credit Union filed the first financial institution class action in January 2020, which was consolidated into one action on three tracks: financial institutions, employees, and consumers. J. Settlement Negotiations and the Proposed Settlement After extensive initial discovery, the parties began discussing a possible settlement in November 2021, The parties then held their first mediation session on December 15, 2021, supervised by the Honorable Diane M. Welsh, U.S.M.J. (Ret.). However, though they made some progress, the parties remained at an impasse after a full day of discussions. They held a second mediation session on January 4, 2022, but again could not come to a final deal. They had a third mediation session with Judge Welsh on Apri 29, 2022, and again in June 2022. Finally, on August 26, 2022, the parties crafted a comprehensive settlement agreement, solicited proposals from settlement administrators, drafted the proposed notices, claim form, and proposed orders, and negotiated terms for the contemplated escrow accounts. This culminated in Wawa executing the proposed settlement agreement on March 3, 2023, The Proposed Settlement Class, estimated to include some 5,000 financial institutions, includes “[a]ll financial institutions in the United States (including its Territories and the District of Columbia) that issued payment cards (other than American Express) that either: (a) were Alerted on Payment Cards; or (5) were used at Wawa during the period of the incident March 4, 2019- December 12, 2019.” The proposed settlement agreement provides for three tiers of relief for the class members: Tier 1 —$5,00 per replaced payment card. The class member must attest, under penalty of perjury, to having cancelled and replaced impacted cards in response to the data breach, if replaced between December 12, 2019, and May 1, 2020. Wawa has committed a minimum of $3 million and maximum of $18.5 million for Tier 1, and the Settlement Administrator will make pro rata adjustments to the per-card compensation rate, upward or downward, if the total value of approved claims is below or above the minimum and maximun, respectively,
e ‘Tier 2 — Fraudulent charges up to $4,000 per financial institution. The class member must provide a statement reflecting unreimbursed out-of-pocket absorption or reimbursement to a cardholder of fraudulent charges on impacted cards if the charges occurred between December 12, 2019 and May i, 2020. Tier 2 payments have a cap of $8 million, with a downward pro rata adjustment to meet the cap if necessary, e Tier 3 — Claim without documentation. The class member can submit a claim that it incurred some cost in the data breach’s aftermath, The value will be a fixed amount for all claiming class members, calculated by dividing $2 million by the final number of members confirmed during the notice period. For those financial institutions who do not exclude themselves from the settlement agreement or take one of these tiered payments, they release their breach-related claims against Wawa. A financial institution must exclude itself if it wants to pursue its own litigation against Wawa over the data breach. Wawa has also agreed to pay a iump sum of up to $9 million for attorneys’ fees and expenses, The parties attest that this amount was negotiated with Judge Welsh’s supervision after the parties substantially reached agreements on the structural Class Member relief terms and other components of the substantive settlement. Counsel for the Financial Institutions (“FI Counsel”) will also be applying for services awards for $10,000 for each of the three class representatives. As of December 31, 2022, FI Counsel states they have incurred $79,877.24 in expenses. They expect that the total compensation will be $8.8 million in attorneys’ fees by the end of the settlement process, This Court heard from both parties at oral argument on the proposed settlement agreement on September 28, 2023, H. Notice Pian and Settlement Administration The proposed notice plan includes three components: (1) direct notice via USPS First Class mail to all financial institutions identified, with a subsequent reminder postcard; (2) published
notice in banking or other financial institution publications/online publications; and (3) published notice on a dedicated settlement website. The Financial Institutions plan to conduct limited discovery with Visa, Mastercard, Discover, and any other necessary parties to determine the names and addresses of class members. The notice will include the link to a settlement website that will be made available to the class members. Finally, the Financial Institutions recommend appointing Analytics Consulting as Settlement Administrator, which has performed administration services in other payment card data breach cases. LEGAL STANDARD Federal Rule of Civil Procedure 23(e) sets forth the requirements for class settlements. Hall vy. Accolade, Inc., No. 17-cv-03423, 2019 WL 3996621, at *2 (E.D, Pa. Aug. 23, 2019), The Court must be given information to allow it to “determine whether to give notice of the proposal to the class.” Fed. R. Civ. P. 23(e)(1)(A). When deciding when to give notice, the parties must demonstrate that “the court will likely be able to: (i) approve the proposal under Rule 23(e)(2); and (ii) certify the class for purposes of judgment on the proposal.” /d, at 23(e)(1)(B). A court may provisionally certify a class at the preliminary stage while “leaving the final certification decision for the subsequent fairness hearing.” Hail, 2019 WL 3996621, at *2. If a court determines that it will “likely be able to” approve the settlement and certify the class, it should direct notice in a “reasonable manner to all class members who would be bound by the proposal.” Fed. R. Civ. P. 23(e})(1)(B); id at 23(c)(2)(B) (regarding notice of class certification); see, e.g., In re Processed Egg Prods. Antitrust Litig., No. 08-md-2002, 2014 WL 12614451, at *2-4 (E.D. Pa. Dec. 19, 2014) (conditionally certifying class, preliminarily approving settlement, and directing notice to proposed class). Rule 23(e)(2) requires that a settlement be “fair, reasonable, and adequate,” and sets forth several factors a court must consider in determining the fairness of a settlement. These factors
include whether: adequate representation was provided, the proposal was negotiated at arm’s length, relief is adequate and accounts for the costs, risks, and possible delay of trial and appeal, the effectiveness of any proposed method of distributing relief to the class, and the terms of proposed attorneys’ fees, and whether the proposal treats class members equitably relative to each other. Fed. R. Civ. P. 23(e)(2). Furthermore, “[i]Jn gauging fairness, district courts must weigh at least nine factors,” Frederick v. Range Resources-Appalachia, LLC, Nos, 22-1827 & 22-1828, 2023 WL 418058, at *2 (3d Cir, Jan 26, 2023) (citing Girsh v. Jepson, 521 F.2d 153, 157 (3d Cir. 1975)). These Girsh factors “are in many respects” codified in Rule 23(e). Vinh Du v. Blackford, No. 17-cv-194, 2018 WL 6604484, at *6 (D. Del. Dec, 17, 2018). A proposed class must satisfy the requirements of Rule 23(a) and at least one provision of Rule 23(b). Fulton-Green v. Accolade, Inc., No. 18-cv-274, 2019 WL 316722, at *2 (B.D. Pa. Jan. 24, 2019). Rule 23(a) requires that: “(1) the class is so numerous that joinder of all members is impracticable; (2) there are questions of law or fact common to the class; (3) the claims . . . of the representative parties are typical of the [class] claims ...; and (4) the representative parties will fairly and adequately protect the interests of the class.” Fed. R. Civ. P. 23(a). Under Rule 23(b)(3) the action may be maintained when “questions of law or fact common to class members predominate over any questions affecting only individual members,” and a “class action is superior to other available methods for fairly and efficiently adjudicating the controversy.” Fed. R. Civ. P. 23(b)(3). Additionally, notice must be the “best notice that is practicable under the circumstances, including individual notice to all members who can be identified through reasonable effort.” Jd. at 23(c)(2)(B).
DISCUSSION HI. Class Certification “In order to approve a class settlement agreement, a district court first must determine that the requirements for class certification under Rule 23(a) and (b) are met.” Jy re Pet Food Prods. Liab. Litig., 629 F.3d 333, 341 Gd Cir. 2010), Rule 23(a) permits certification only if: (1) the class is so numerous that joinder of all members is impracticable; (2) there are questions of law or fact common to the class; (3) the claims or defenses of the representative parties are typical of the claims or defenses of the class; and (4) the representative parties will fairly and adequately protect the interests of the class. Fed, R, Civ. P. 23(a). [fa district court finds that the putative class meets each of these factors, then the court determines if the putative class fits within one of the categories of class actions under Rule 23(b). In re Processed Egg Prods. Litig., 284 F.R.D. 249, 259 (E.D. Pa. 2012). The Financial Institutions here seek to certify under Rule 23(b)(3), which requires “that the questions of law or fact common to class members predominate over any questions affecting only individual matters, and that a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.” Fed. R. Civ. P. 23(b)(3). The Court finds that both the Rule 23(a) and (b)(3) requirements are satisfied. A. Rule 23(a) 1, Numerosity In determining whether joinder is impracticable, the court considers a number of factors, including judicial economy, the ability and motivation to litigate as joined plaintiffs, class members’ financial resources, geographic dispersion, the ability to identify future claimants, and whether the claims are for injunctive relief or for damages. Value Drug Co. v. Takeda Pharms., USA, Ine., No. 21-cv-3500, 2023 WL 2314911, at *7 (E.D. Pa. Feb. 28, 2023).
Here, the numerosity requirement is easily met. There are an estimated 5,000 financial institutions that would be covered under the putative class. Lynch Dec. J 6 (Doc. No. 360-2). As presented during oral argument, a significant number of these are small “mom and pop” businesses dispersed throughout the United States that would otherwise be unable to bring a separate suit. FI Counsel also argued that there is no way to specifically identify each financial institution that had to replace cards due to the Wawa data breach. 2, Commonality The second factor requires that the court determine whether “there are questions of law or fact common to the class.” Fed. R. Civ. P. 23(a)(2). Commonality does not require that each putative class member have identical claims. Hassine v. Jeffes, 846 F.2d 169, 176-77 (3d Cir. 1988). Instead, the factor “will be satisfied if the named plaintiffs share at least one question of fact or law with the grievances of the prospective class.” Baby Neal v. Casey, 43 F.3d 48, 56 Gd Cir. 1994). Here, there are multiple common questions, each concerning the various negligence requirements. For example, each of the class members would have to prove by a preponderance of the evidence that Wawa owed a duty to each financial institution to protect its credit card data. They would all have to show that Wawa’s specific negligent acts or omissions caused the data breach to occur and whether proximate cause existed. Therefore, the Court finds that commonality is satisfied. 3. Typicality To meet the typicality requirement, the representative parties must present claims “typical of the claims or defenses of the class.” Fed. R. Civ. P. 23(a)(3). “Typicality ensures the interests of the class and the class representatives are aligned ‘so that the latter will work to benefit the entire class through the pursuit of their own goals.’” Newton v. Merrill Lynch, Pierce, Fenner &
Smith, Inc., 259 F.3d 154, 182-83 Gd Cir. 2001) (quoting Barnes v. Am. Tobacco Co., 161 F.3d 127, 141 Gd Cir. 1998)). Here, typicality is satisfied because the class representatives’ claims and those of the putative class members arise from the same conduct. As the Financial Institutions make clear, each institution’s claim stems from Wawa’s data security measures and whether they were adequate to protect payment card data. Mem. in Supp. of Unopposed Mot. for Preliminary Approval at 27 (Doc. No. 360-1). Such conduct allegedly caused the same injury typical to all class members. Je. at 28. Each institution’s claim is virtually identical to one another. Thus, typicality is met. 4. Adequacy of Representation Finally, adequacy of representation focuses on whether “the representative parties will fairly and adequately protect the interests of the class.” Fed. R. Civ. P. 23(a)(4). “It tests the qualifications of class counsel and the class representatives. It also aims to root out conflicts of interest within the class to ensure that all class members are fairly represented in the negotiations.” Nat'l Football League Players Concussion Injury Litig., 821 F.3d 410, 428 (3d Cir. 2016). This requires a district court “to assure that class counsel: (1) possessed adequate experience; (2) vigorously prosecuted the action; and (3) acted at arm’s length from the defendant.” J re Gen, Motors Corp. Pick-Up Truck Fuel Tank Prods. Liab. Litig., 55 F.3d 768, 801 Gd Cir. 1995). Here, Interim Co-Lead Class Counsel has “been practicing law for more than 33 years and represent[s] plaintiffs in complex matters, including many national class actions.” Lynch Dec. { 2 (Doc. No. 360-2), In the same sworn declaration, Fl Counsel aver that they have “aggressively litigated this action from the outset[,]” including by “fil[ing] a thorough and detailed consolidated amended complaint[,]” pressing forward in initiating discovery, and negotiating initial agreements. Id. 4-5.
Furthermore, the parties negotiated the proposed settlement agreement at arm’s length, facilitated by a highly respected and successful mediator. See Mem. in Supp. of Unopposed Mot. for Preliminary Approval at [6 (Doc. No. 360-1). This was not a settlement agreement reached overnight but rather one that commenced in November 2021 and did not ultimately conclude until March 2023. /d. at 5-7. No party received exactly what they wanted, as evidenced during oral argument. All evidence indicates that the settlement was conducted at arm’s length by adequate, experienced counsel, Thus, the fourth and final Rule 23(a) factor is satisfied, B. Rule 23())Q) 1. Predominance The Court must also find “that the questions of law or fact common to class members predominate over any questions affecting only individual members[.]” Fed. R. Civ. P. 23(b)(3). “The predominance inquiry tests whether proposed classes are sufficiently cohesive to warrant adjudication by representation.” Sullivan vy. DB Invs., Inc., 667 F.3d 273, 297 Gd Cir. 2011) (internal citations and quotations omitted). Further, the Court of Appeals for the Third Circuit “provides that the focus of the predominance inquiry is on whether the defendant’s conduct was common as to all of the class members, and whether all of the class members were harmed by the defendant’s conduct.” Jd. at 298. Here, Wawa’s conduct was common as to all class members, with the proposed class of financial institutions being sufficiently cohesive to warrant class representation. The issues facing each class member are the same: demonstrating the degree of the Wawa data breach and proving Wawa’s culpability under Pennsylvania negligence law. Though there may be minor differences among the class members, such as size and degree of damages, none of these would preclude the aforementioned issues being decided on a class-wide basis. See In re Warfarin Sodium Antitrust
Litig., 391 F.3d 516, 528 (3d Cir. 2004) cholding that liability depended on the defendant’s conduct and not “on the conduct of individual class members”), Thus, predominance is met. 2. Superiority Finally, the Court nvust find “that a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.” Fed. R. Civ. P. 23(b)(3). In essence, “[t]he superiority requirement asks the court to balance, in terms of fairness and efficiency, the merits of a class action against those of alternative available methods of adjudication.” In re Prudential Ins. Co, Am, Sales Practice Litig. Agent Actions, 148 F.3d 283, 316 (3d Cir. 1998). But “[c]onfronted with a request for settlement-only class certification, a district court need not inquire whether the case, if tried, would present intractable management problems, see Fed, Rule Civ. Proc. 23(b)(3}(D), for the proposal is that there be no trial.” Amchem Prods., Inc. v. Windsor, 521 U.S. 591, 620 (1997). Here, the claims among the class representatives and the class members are virtually identical in that they stem from the same underlying conduct. Without preceeding on a class action basis, 5,000 financial institutions with almost as many different lawyers could be litigating this matter either in a joined action or in 5,000 different cases nationwide. Many of these financial institutions would likely have small claims that would be impractical to litigate on an individual basis. Thus, the superiority requirement is met. IV. Notice “In the class action context, the district court obtains personal jurisdiction over the absentee class members by providing proper notice of the impending class action and providing the absentees with the opportunity to be heard or the opportunity to exclude themselves from the class.” Prudential, 148 F.3d at 306. Notice must:
clearly and concisely state in plain, easily understood language: (i) the nature of the action; Gi) the definition of the class certified; Gii) the class claims, issues, or defenses; (iv) that a class member may enter an appearance through an attorney if the member so desires; (v) that the court will exciude from the class any member who requests exclusion; (vi) the time and manner for requesting exclusion; and (vii) the binding effect of a class judgment on members under Rule 23(c\(3). Fed. R. Civ. P. 23(c)(2)(B). Here, the Court is satisfied that notice is adequate. Notices in such cases as this always present a challenge of trying to mold complicated concepts into “plain English” to explain the reader’s rights, recognizing that the reader may well have been completely in the dark about the claim until opening a puzzling envelope. The proposed notice here, however, includes all the information required under the Federal Rules and presents it in a clear manner, with large headings and subheadings that can easily guide a class member. Furthermore, the notice will be sent to commercial parties, both large and small financial institutions, with in-house or outside advisers who can more easily navigate the present class action settlement. The Court is also satisfied with the intended means of providing notice. The proposed Settlement Administrator, Analytics Consulting, will provide notice through USPS First Class Mail to all identified financial institutions, publish notice in banking publications with which the financial institution class members should be familiar, and publish notice on the dedicated settlement website. Mem. in Supp. of Unopposed Mot. for Preliminary Approval at 11-12 (Doc. No, 360-1). Similar methods of notice have been found adequate. See in re Processed Egg Prods., 284 F.R.D. at 266 (finding that publication of notice “in several appropriate publications” was adequate), FI Counsel additionally plan to conduct limited discovery with card networks such as Visa and Mastercard to glean relevant information and to determine the ultimate number of class members. Mem. in Supp. of Unopposed Mot. for Preliminary Approval at 11 (Doc. No. 360-1). Accordingly, the Court is satisfied that notice is adequate under Rule 23.
VY. Fair, Reasonable, and Adequate “Approving a class-action settlement ‘is left to the sound discretion of the district court.’” Frederick, 2023 WL 418058, at *2 (quoting Girsh, 521 F.2d at 156). However, the Court must still protect absentee class members by ensuring the class members receive adequate compensation in exchange for their release of claims. In re Processed Egg Prods., 284 F.R.D. at 266 (citing Prudential, 148 F.3d at 316-17). The Court applies the nine factors in Girsh to evaluate the fairness of the proposed settlement. Jn re Pet Food Prods., 629 F.3d at 350. These include: (1) The complexity, expense and likely duration of the litigation (2) The reaction of the class to the settlement (3) The stage of the proceedings and the amount of discovery completed (4) The risks of establishing liability (5) The risks of establishing damages (6) The risks of maintaining the class action through the trial (7) The ability of the defendants to withstand a greater judgment (8) The range of reasonableness of the settlement fund in light of the best possible recovery (9) The range of reasonableness of the settlement fund to a possible recovery in light of ali the attendant risks of litigation Girsh, 521 F.2d at 157. In addition to the Girsh factors, the Court of Appeals for the Third Cirenit has identified additional non-exclusive factors in the wake of a “sea-change in the nature of class actions” after Girsh was decided. In re Pet Food Prods., 629 F.3d at 350 (quoting Prudential, 148 F.3d at 323). These factors include: [1] the maturity of the underlying substantive issues, as measured by experience in adjudicating individual actions, the development of scientific knowledge, the extent of discovery on the merits, and other factors that bear on the ability to assess the probable outcome of a trial on the merits of liability and individual damages; [2] the existence and probable outcome of claims by other classes and subclasses; [3] the comparison between the results achieved by the settlement for individual class or subclass members and the results achieved — or likely to be achieved — for other claimants; [4] whether class or subclass members are accorded the right to opt out of the settlement; [S] whether any provision for attorneys’ fees are reasonable; and 12
[6] whether the procedure for processing individual claims under the settlement is fair and reasonable. Prudential, 148 F.3d at 323. The Court should consider the “Prudential factors” when appropriate. In re Pet Food Prods., 629 F.3d at 350, “The proponents of the settlement bear the burden of proving that these factors weigh in favor of approval.” Jn re Gen. Motors, 55 F.3d at 785, A. Girsh Factors In evaluating the proposed settlement agreement, the Court assesses each Girsh factor in (urn. 1. The Complexity, Expense and Likely Duration of the Litigation The first Girsh factor “captures the probable costs, in both time and money, of continued litigation.” Warfarin, 391 F.3d at 535-36, This factor is easily met here. ‘This is a complex class action lawsuit regarding damages from a data breach, an area of law that has not yet been fully developed. Additionally, the parties would have significant expenses in briefing and arguing class certification, summary judgment, expert reports, and maintaining class certification throughout trial. This is further exemplified by the fact that FI Counsel have already incurred approximately $80,000 in expenses, even before extensive discovery has begun. Therefore, the first Girsh factor weighs in favor of approving the proposed settlement agreement. 2. The Reaction of the Class to the Settlement The second factor “gauge[s] whether members of the class support the settlement.” Prudential, 148 F.3d at 318. At the present stage, the Court cannot fully evaluate this factor because the Financial Institutions seek only preliminary approval and approval to send notice to the class members. However, the proposed settlement agreement does not include a minimum, or maximum, number of objectors to render the settlement effective. Provided that the notice to class
members ensures that affected financial institutions have an adequate amount of time to object to the settlement, the Court does not see any substantial issues on the second factor at this time. 3. Stage of Proceedings and Amount of Discovery Completed The third factor “captures the degree of case development that class counsel have accomplished prior to settlement. Through this lens, courts can determine whether counsel had an adequate appreciation of the merits of the case before negotiating.” In re Automotive Refinishing Paint Antitrust Litig., 617 F. Supp. 2d 336, 342 Gd Cir, 2007) (cleaned up). If the case is in the stages, counsel can demonstrate sufficient case development by having “conducted significant independent discovery or investigations to develop the merits of their case (as opposed to supporting the value of the settlement), that they had retained their own experts, or that they had deposed a significant number of the individuals implicated in the materials from other proceedings.” [7 re Gen. Motors, 55 F.3d at 814. Here, although somewhat early in the litigation process, the Court finds that FI Counsel have adequately developed their case and engaged in a significant degree of case development. For example, FI Counsel worked with Wawa over a period of eight months to establish a discovery
. protocol, including which search strings Wawa would run and which custodians would be used for document production. Lynch Dec. {5 (Doc. No. 360-2). The Financial Institutions also responded to numerous Wawa documents and produced hundreds of documents from ten custodians, /d. Beyond that, Fl Counsel exerted significant effort in the settlement negotiation itself. They engaged in three full-day mediation sessions with Judge Welsh from December 2021 to April 2022, Id | 7. They submitted extensive pre-mediation memoranda before each session, and once a settlement was reached, the parties crafted a comprehensive agreement, drafted the proposed notices, and negotiated terms for the compieted escrow accounts, fd, {J 7-10.
Finally, prior to reaching the settlement, FI Counsel frequently communicated with the Class Representatives, other financial institutions, and experts in the data security and payment card industries. Jd. § 11. They carefully reviewed this information, as well as documents produced in discovery, expert consultations, and precedent in similar data breach cases, /d. By engaging in this thoughtful analysis, FI Counsel evaluated the strengths and weaknesses of the Financial Institutions’ claims such that it could come to a fair, reasonable, and adequate settlement at this stage of the proceedings. Thus, the third Girsh factor weighs in favor of preliminary approval of the settlement agreement. 4, & 5. Risks of Establishing Liability and Damages These factors compel the Court to “survey the potential risks and rewards of proceeding to litigation in order to weigh the likelihood of success against the benefits of an immediate settlement.” Warfarin, 391 F.3d at 537. This requires the Court to balance “the likelihood of success and the potential damage award if the case were taken to trial against the benefits of an immediate settlement,” Prudential, 148 F.3d at 319. Here, there are significant risks for the Financial Institutions in proving liability and damages. For example, FI Counsel proffers that “in the still developing area of data breach litigation, there are many impediments to victory for a plaintiff suffering harm in a data breach, as well as significant impediments to class certification.” Lynch Dec. § 18 (Doc. No. 360-2). Additionally, FI Counsel stated during oral argument that there is a high risk of being unable to establish causation because the credit card networks no longer provide data and analytics concerning baseline fraud that the Financial Institutions could then compare against fraud resulting from the data breach. In sum, it is far from a guarantee that the Financial Institutions would prevail in this case, and thus a setthement agreement totaling up to $28.5 million is fair, reasonable, and
adequate in this still developing, novel area of the law. Thus, these two factors weigh in favor of the proposed settlement. 6. Risks of Maintaining Class Status The sixth Girsh factor accounts for the fact that a district court can alter or amend its decision to certify the class under Federal Rule of Civil Procedure 23(c)(1)(C). Indeed, the court may decertify the class if the class proves to be unmanageable. Perry v. FleetBoston Fin. Corp., 229 FLR.D, 105, 116 (E.D. Pa. 2005) (citing in re Linerboard Antitrust Litig., 321 F. Supp. 2d 619, 631 (E.D, Pa, 2004)). In any event, “[i]n a settlement class, this factor becomes essentially toothless because a district court need not inquire whether the case, if tried, would present intractable management problems, for the proposal is that there be no trial.” /n re Nat’! Football League, 821 F.3d at 440 (cleaned up). Here, there is no certainty that Financial Institutions would have won on class certification, let alone maintain that status throughout the entire litigation. In fact, data breach class actions involve “a risky field of litigation because data breach class actions are uncertain and class certification is rare.” Fulfon-Green, 2019 WL 4677954, at *8. Because of this high risk and because the proposed settlement would result in no trial being held, this factor weighs in favor of approving the proposed settlement agreement. 7. The Ability of the Defendant to Withstand a Greater Judgment This Girsh factor could compel the Court to determine whether Wawa “could withstand a judgment for an amount significantly greater than the Settlement.” Ji re Cendant Corp. Litig., 264 F.3d 201, 240 (3d Cir. 2001). Further, it would “most clearly relevant where a settlement in a given case is less than would ordinarily be awarded but the defendant’s financial circumstances do not permit a greater settlement.” Refbstein v. Rite Aid Corp., 761 F. Supp, 2d 241, 254 (E.D. Pa. 2011). 16
Here, Wawa there is no concern that Wawa could not withstand a judgment greater than $28.5 million, given that the company earned $14.93 billion in revenue in its most recent fiscal year, making Wawa the top-ranked private company in Pennsylvania and one of four private Pennsylvania firms in the Top 100 Private Companies.? Wawa Revenue Article, supra. Nevertheless, courts in the Third Circuit “regularly find a settlement to be fair even though the defendant has the practical ability to pay greater amounts.” AfeDonough y, Toys R Us, Inc., 80 F. Supp. 3d 626, 645 (E.D. Pa. 2015). Because Wawa could withstand a greater judgment, and approximately 5,000 financial institutions were affected, this factor could weigh against approval, 8. & 9. The Range of Reasonableness of the Settlement in Light of the Best Possible Recovery and the Attendant Risks of Litigation “The last two Girsh factors ask whether the settlement is reasonable in light of the best possible recovery and the risks the parties would face if the case went to trial.” Prudential, 148 F. 3d at 322. That is, the two factors “evaluate whether the settlement represents a good value for a weak case or a poor value for a strong case. The factors test two sides of the same coin; reasonableness in light of the best possible recovery and reasonableness in light of the risks the parties would face ifthe case went to trial.” Warfarin, 391 F.3d at 538. In other words, these factors function by first determining a plaintiff's expected value from the litigation and then comparing that with the proposed settlement amount. As discussed above, the Financial Institutions face great risk in this case: class certification is rare in data breach cases, there are profound hurdles in proving causation, and Financial
* Wawa is not the only PA-based convenience store chain within the Top 100. Its cross-state rival, Altoona- based Sheetz, ranked 37th and more than doubled its revenue from $5.6 billion to $11.7 billion. Wawa is Pa.’s Largest Private Company with $15B in Revenue, But Sheetz is Gaining Fast, NBC10 Philadelphia, https:/Avww.nbephiladelphia.com/news/business/wawa-is-pa-s-largest-private-company-with- 1 Sb-in- revenue-but-sheetz-is-gaining- □□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□ 1 %20rankings, headquartered™%20in%20the%2 0Philadelp hia%20area (Dec. 6, 2022) (hereinafter “Wawa Revenue Article"). 17
Institutions would likely have to overcome summary judgment. Within that context, $28.5 million dollars, negotiated at arm’s-length before Judge Welsh, is especialiy reasonable when there is a high probability that proceeding in this case would yield nothing for the 5,000 financial institutions. Thus, these two factors weigh in favor of preliminary approval of the settlement. B. Prudential Factors Prudential instructs the court to evaluate additional factors “when appropriate.” 148 F.3d at 323. Especially important for this matter is evaluating “the existence and probable outcome of claims by other classes and subclasses.” fd. Here, the Court considers the proposed settlement juxtaposed with the two other litigation tracks. The Employee Track has just about completed discovery while only recently proceeding into the beginning of mediation. At the same time, this Court has already approved the proposed settlement between Wawa and the Consumer Track. See generally Inre Wawa, Inc. Data Security Litig., No. 19-cv-6019, 2022 WL 1173179 (E.D. Pa. Apr. 20, 2022). In the Consumer Track, $9 million was made available to the class, although injunctive provisions required Wawa to strengthen its data security systems and implement other measures to prevent further data breaches, valued at approximately $35 million. /d. at *1-2. The $35 million in that settlement to strengthen Wawa’s security apparatus will also serve to protect the Financial Institutions; after all, if there are fewer data breaches, the proposed class members will need to replace fewer cards and pay for fewer fraud-related charges. The class members here also stand to benefit greatly when their settlement amount totals $28.5 million, compared to the $9 million made available to the consumers, This makes sense: many consumers could have their fraud-related charges reimbursed by the Financial Institutions, the class that therefore bore the brunt of the data breach’s damage. Thus, the proposed settlement meets this Prudential factor.
Other Prudential factors weigh in favor of approving the preliminary settlement as well. These factors include “whether class or subclass members are accorded the right to opt out of the settlement; whether any provision for attorneys’ fees are reasonable; and whether the procedure for processing individual claims under the settlement is fair and reasonable.” Prudential, 148 F.3d at 323. Page Six of the proposed agreement reads in large, bold print “EXCLUDING YOUR FINANCIAL INSTITUTION FROM THE SETTLEMENT” and then provides the process by which a member can opt out. Doc. No. 360-4 at 6-7. Furthermore, FI Counsel has suggested hiring Analytics Consulting as Settlement Administrator. Analytics Consulting has consulted and implemented legal notice and claims management programs relating to class actions for 49 years and serves under contract with the U.S. Federal Trade Commission and U.S. Department of Justice to administer and provide advice on notice and claims processing. Simmons Dec. Jf 2-3 (Doc. No. 360-3), Analytics Consulting is more than capable of ensuring a fair and reasonable procedure for individual claims. Finally, the Court will briefly address the sought attorneys’ fees, though a more thorough analysis will be in order once the total amount of the settlement agreement is finalized, “There are two conventional methods of calculating attorneys’ fees in class actions — the percentage-of- recovery method and the lodestar method.” Fu/ton-Green, 2019 WL 4677954, at *11. “Most courts use the Lodestar method in data breach cases,” id. at *13, which “is calculated by multiplying the number of hours reasonably worked on a client’s case by a reasonable hourly billing rate for such services based on the given geographical area, the nature of the services provided, and the experience of the attorneys.” Jn re Rite Aid Corp. Sec. Litig., 396 F.3d 294, 305 (3d Cir. 2005), Here, Wawa has agreed to pay $9 million to cover attorneys’ fees and expenses, an amount that is separate from the $28.5 million maximum settlement amount paid to the class. Mem. in
Supp. of Unopposed Mot. for Preliminary Approval at 1 (Doc. No. 360-1). Judge Welsh supervised the negotiation of the attorneys’ fees, and the fees were negotiated after the parties substantially agreed on relief for the class, /d, at 9, Though FI Counsel has not yet provided its hourly rates and hours worked on the case so that the Court can apply the Lodestar method, the Court is satisfied at this point with the manner in which the parties negotiated the attorneys’ fees. Furthermore, by applying the percentage-of-recovery method, if Wawa pays out the full settlement amount, this yields 31.5% in attorneys’ fees and expenses as compared to the sum going to the class. Similar ratios have been approved in the past, see McDonough, 80 F, Supp. 3d at 649- 50 (finding 33.3% of the gross settlement amount too high but reducing it down to 31.2%), and the Court does not see immediate concern with approving that amount at this time. Should Wawa pay out significantly less than $28.5 million, however, the Court will reevaluate the $9 million in attorneys’ fees when determining final settlement approval. Thus, the settlement agreement meets the relevant Girsh and Prudential factors. CONCLUSION For the foregoing reasons, the Court grants the motion to approve the preliminary settlement and authorize notice of the proposed class action settlement.
Age y bizis GENE E.K.PRATTER UNITED STATES DISTRICT JUDGE