The 52-page settlement was proposed by St. Petersburg, Fla.-based Certegy on Jan. 9 but just came to light this week. It currently is under review by a judge in Tampa.

Certegy, a check-processing company that is a subsidiary of Fidelity National Information Services Inc., said last summer that a rogue database administrator had and then sold the personal data of about 2.3 million consumers to data brokers. The company later upped the number of compromised accounts to 8.5 million in filings made to the in August.

If accepted, Certegy's proposed settlement would give qualifying members of the plaintiffs class one year's worth of free credit monitoring services, plus up to two year's worth of free bank account monitoring services for individuals whose banking information might have been compromised in the incident.

In addition, consumers who can show that they were victimized by identity theft as a result of the breach will be eligible for certain "out-of-pocket" costs, such as those resulting from bank overdraft fees, according to a copy of the settlement sent to Computerworld by Certegy.

But there are several caveats to that particular offer. For instance, Certegy has capped the total amount of money it will pay for identity theft claims to US$4 million, which will be disbursed on a first-come, first-served basis. Claims have to be filed within 90 days of the discovery of an identity theft incident or before March 31, 2011, -- whichever comes first. And the maximum amount that an individual can recover is $20,000.