Becky Yerak of the Chicago Tribune reports:
The grocer laid out the math in its filing: It notes that, based on the plaintiff’s allegations, the class could be as large as 500,000. If each one spent at least two hours of “time and effort” dealing with the breach – even if they were minimum-wage workers being paid $7.25 an hour – the potential damage could be $7.25 million, says Schnuck, which also has stores in Champaign, Urbana, Peoria, Springfield, Normal, DeKalb and Roscoe.
Furthermore, Schnucks points out, the Illinois Supreme Court has in the past approved a ratio of punitive to compensatory damages of about 11 to 1.
When has any databreach resulted in an hourly rate for damages to consumers? And when has there been any award, period, where there has been no demonstration of actual harm? I realize that Schnucks would be eager to consolidate cases and remove them to federal court, but can the court look at this and say, “No court has ever awarded anything like this for a data breach, so this is unrealistic?”