Aggrieved customers and their lawyers have filed at least 70 lawsuits against Target since the retailer reported its giant holiday shopping data breach.
Now those cases have to grind their way through the court system -- a process that experts say could take years and have little benefit for customers.
"Really the issue is ... if the information is out there and no one uses it, am I harmed?" said William Audet, a plaintiff's attorney who specializes in consumer protections. Target customers have approached him with their cases, but he said he has not taken any.
Audet believes many Target (TGT) customers do have a case but won't win a major monetary award. If there is an award, legal costs would likely be deducted, and the remainder split between the millions of customers.
Related: Timeline - Retail cyberattacks hit millions of customers
There's precedent for customers taking home very little: The largest retail breach before Target ended with TJX (TJX), operator of T.J. Maxx, offering customers vouchers, a storewide sale and credit monitoring. Paul Stephens of the Privacy Rights Clearinghouse, a consumer organization, said coupons and sales are "worthless" as compensation since they actually help the retailer's sales.
Related: HVAC vendor eyed as entry point for Target breach
The suits against Target were filed in a variety of courts and will likely be consolidated into a single legal action before a federal judge. The judge could decide that the class of plaintiffs who get to participate is significantly smaller than the 110 million whose data was stolen.
Only the best cases with claims clearly showing harm will be consolidated into the class action, Audet said. Those will likely include customers whose bank accounts or credit lines were drained after the breach. And at this point it's unclear how many people that might be.
Target said it would cover customers' losses, such as unauthorized purchases made using their cards. It also offered credit monitoring. Audet said Target could argue those offers show it is trying to make customers whole.
Related: Stolen credentials blamed in Target breach
But many customers detail losses beyond those to their bank accounts.
Brandon Fairchild said the $900 in his debit account was emptied several days after shopping at Target, leaving him unable to pay a restaurant bill -- and to put fuel in his truck and feed his children. His bank eventually reinstated the stolen cash, but he had to improvise in the meantime.
"It's impacted me greatly," Fairchild said. "It's not huge amounts of money, but it's a paycheck where I live paycheck to paycheck."
He lost a day's wages when he took time off from work to file a police report and dispute the charges with his bank. He and his wife spent hours on the phone and had to borrow money from family and friends while waiting for his account to be reinstated.
Related: Target hack: Tips for all customers
Fairchild and others learned their accounts had been breached days after their Target purchases. Several of the lawsuits allege customers could have done more to protect themselves if Target had notified them of the breach immediately.
"Target was so terrified of scaring off customers during the busy holiday shopping season that it failed to properly inform the millions of customers whose personal financial information had been stolen as a result of Target's negligence," claimed Kami Raleigh in her suit against the retailer.
Target declined to speak on the pending suits. But it has said it notified banks and customers soon after it discovered the breach.
Many of the cases also claim the retailer was negligent in its security practices and did not follow industry standards.
Also suing Target are several credit unions and banks seeking to recoup the cost of notifying customers and replacing thousands of debit and credit cards. Altogether, over 17 million cards have been replaced since the breach, according to a banking industry group.
Don't expect the cases to be resolved quickly. Audet said the procedural maneuvers could last two years, long after the public has stopped paying attention.