A class action lawsuit brought by financial institutions against Home Depot for losses suffered during the retailer’s massive data breach can stand, U.S. District Judge Thomas W. Thrash, Jr., ruled May 18. Judge Thrash is overseeing the multidistrict litigation (MDL) in the Northern District of Georgia.
The cyberattack is believed to have occurred at Home Depot stores between April and September of 2014. The data breach compromised up to 56 million credit and debit card numbers. The litigation was centralized by the U.S. Panel on Multidistrict Litigation in December 2014.
Judge Thrash’s ruling found the financial institutions had pled actual injuries enough to give them standing, and proceed with allegations of negligence and state consumer protection law violations. The ruling will allow discovery to proceed on the company’s data security practices – or lack thereof. The financial institutions allege Home Depot refused to update its data security systems, despite repeated warnings from employees and experts, and ignored numerous red flags indicating a potential weakness.
Beasley Allen Principal & Consumer Fraud Section Head W. Daniel “Dee” Milles, III, is serving on the Plaintiffs Steering Committee (PSC) for the MDL. Beasley Allen lawyers Leslie Pescia and Andrew Brashier also are working on this litigation.
“Judge Thrash has issued perhaps the best data breach legal opinion to date concerning a quickly evolving area of the law and in a case that involves one of the worst data breaches in the history of the electronic age,” Miles says. “We are anxious as an MDL to gather more evidence in the now discovery phase of the case.”
The financial institutions are seeking compensation for financial losses related to the data breach, including card reimbursement, fraudulent charges, and transaction fees.
The case is In Re: The Home Depot Inc., Customer Data Security Breach Litigation, case number 1:14-md-02583, in the U.S. District Court for the Northern District of Georgia.