In 2014, hackers placed malware on Home Depot’s self-checkout kiosks in stores across the United States that allowed them to steal about 56 million customers’ personal financial information. This included names, card numbers, expiration dates, and security codes.
Home Depot Agreement
Home Depot has agreed to pay $25 million as well as fortify its data security practices to settle a putative class action brought by financial institutions after the 2014 data breach, according to documents that were recently filed in Georgia federal court.
The parties, “after several years of contentious litigation” have reached an agreement that would have Home Deport pay $25 million into a non-revisionary fund to be distributed to financial institutions that have not already released their claims against the store for losses coming from the widely-publicized payment card data breach.
According to the agreement, a fixed payment estimated to be $2 per compromised card will make financial institutions able to file a valid claim without having to submit documentation of their losses and regardless of whether any compensation has already been received from another source. Plaintiffs noted, that class members that submit proof of losses are also eligible for a supplemental award of up to 60 percent of their documented, uncompensated losses from the data breach.
The attorneys at Parker Waichman LLP have extensive experience in all areas of litigation. Our lawyers are actively reviewing potential lawsuits on behalf of individuals seeking legal advice.
Allegations of What Led to the Breach
The financial institutions’ cases alleged that the breach was “the inevitable result” of data-security practices of Home Depot, “characterized by neglect, incompetence and an overarching desire to minimize costs.” They also claimed the retailer had ignored warning signs from employees, expert opinions, and industry standards in its repeated refusal to ramp up security. It was also noted that their losses from the subsequent fraud were in the billions.
“Credit unions and their members have unfortunately borne the brunt of lax merchant data security standards,” said Jim Nussle, president and CEO of the Credit Union National Association (CUNA) and a plaintiff in the case. “This would be a step toward making them whole again,” he said in a statement announcing the settlement.
The pact comes after Home Depot’s agreement in March 2016 to hand over $13 million, fund identity protection services, and implement new data security measures to settle a putative class of consumers’ claims concerning the breach. This “represents one of the better outcomes in data breach litigation,” CUNA added.
According to the settlement, the class will be notified that counsel may request up to $18 million, which comes to less than 30 percent of the total of the $25 million settlement fund, the $2.25 million for sponsored entities, and the $14.5 million in premiums paid as part of the card brand recovery processes. Home Depot has also agreed to pay up to$2,500 as a service award for each of the financial institutions named in the consolidated class action complaint. The plaintiffs include 50 financial institutions from 44 states along with 16 state credit unions associations and CUNA.
“We’re hopeful credit unions will see more victories in data breach suits going forward,” Nussle said. He added, that in the meantime, “CUNA will continue pursuing a legislative solution that will result in stricter merchant data security standards, making it much harder for merchants to compromise payment card information.”
CUNA said in a statement that its research into the data breach discovered that the intrusion cost credit unions alone about $60 million.
A boost was given the financial institutions in May when U.S. District Judge Thomas Thrash Jr. allowed the overwhelming majority of the plaintiffs’ claims to remain, saying that they had pled actual injuries that gave them standing.
Other Data Breaches
Home Depot’s case had similarities with proposed class actions brought by banks and credit unions following other major data breaches. Target Corporation, for example, agreed in December 2015, to pay $39 million to settle financial institutions’ claims following a Minnesota federal court’s refusal to toss most of the litigation and certified a class of all financial institutions that issued cards affected by the hack.
Currently, Wendy’s is facing litigation put forth by CUNA and over two dozen other financial institutions that allegedly incurred expenses after the theft of payment card data at the fast food chain in 2016.
Legal Information and Advice
If you or someone you know needs advice or legal information regarding a potential lawsuit, Parker Waichman LLP personal injury lawyers offer free, no-obligation case evaluations. We urge you to contact our attorneys at 1-800-YOURLAWYER (1-800-968-7529).