Home Depot to settle financial institution class against 2014’s data breach

download (1)On March 8, 2017, Home Depot Inc. (Home Depot) reached an agreement that, if approved, will bring the putative class action, brought by certain financial institutions impacted by the company’s 2014 data breach, to an end.

In September 2014, Home Depot announced that its payment data systems had been breached. See here. Investigation revealed hackers placed malware on Home Depot’s self-checkout kiosks in stores across the country, allowing them to steal customers’ personal financial information. Approximately 56 million payment card numbers were compromised. The stolen information was then sold over the internet to thieves who made massive numbers of fraudulent transactions using the payment cards that financial institutions had issued to Home Depot’s customers. As a result, financial institutions were forced to cancel and reissue compromised payment cards and reimburse customers for the fraudulent transactions.

Home Depot has already paid out approximately $14.5 million in premiums to MasterCard and Visa issuers in exchange for releases. Combined with payments to the larger issuers, including American Express and Discover, and payments under the card brand recovery processes to issuers that refused to release their claims, Home Depot already has already spent more than $140 million to compensate financial institutions.

Under the proposed settlement agreement filed on March 8, 2017, Home Depot will pay $25 million into a fund to be distributed to financial institutions that have not released all of their claims. Excluded from the class are entities that have released all of their claims against Home Depot.

The company will also:

  • spend up to $2.25 million to compensate certain entities whose claims were released after they received misleading communications;
  • pay the costs of notice, administration, and attorneys’ fees and expenses;
  • implement a notice program to individually notify each class member;
  • implement enhanced security measures to reduce the risk of a future data breach.

A final approval hearing will still have to approve the settlement agreement.


More information on In re: The Home Depot, Inc., Case No.: 1:14-md-02583-TWT is available at https://www.unitedstatescourts.org…

For more information on recent data breach settlements, contact Francesca Giannoni-Crystal

Follow us on& Like us on