56 Million Credit and Debit Card Numbers Compromised in 2014 Data Breach
Home Depot will pay $25 million to settle a putative class action lawsuit involving a 2014 data breach that compromised 56 million credit and debit card numbers. Additionally, Home Depot has also promised to improve its data security protocols. The allegations were brought by financial institutions.
The product liability attorneys at Parker Waichman LLP have decades of experience representing consumers in class action lawsuits. The firm continues to offer free legal consultations to individuals with questions about filing a data breach class action lawsuit.
In 2014, Home Depot said that customers’ personal information had been hijacked through malware placed on the stores’ self-checkout kiosks. The data breach affected 56 million customers. Compromised information included names, credit and debit card numbers, expiration dates and security codes. Home Depot faced 25 class actions filed on behalf of dozens of banks and credit unions.
The class actions were consolidated in December 2014, according to Law 360. The financial institutions alleged that Home Depot failed to implement appropriate security measure to protect private financial information. The retailer’s data-security practices were, the suit alleged, “characterized by neglect, incompetence and an overarching desire to minimize costs.” The data breach was the “inevitable result” of poor security, the institutions said.
The class action alleged that the financial institutions lost billions due to Home Depot’s failure to maintain adequate cyber security. Among other things, the retailer allegedly refused to upgrade its security on multiple occasions despite recommendations from experts, employees, and red flags. The store also allegedly ignored industry standards.
The terms of the settlement were revealed in court documents filed in Georgia federal court. Home Depot will pay $25 million into a non-revisionary fund, which would subsequently allocate the settlement to various financial institutions.
The agreement states that financial institutions with a valid claim can receive $2 per compromised card. The institution is eligible for this compensation even if they were already compensated by another source. For institutions whose claims were released by a sponsor, such as a card processor, Home Depot has agreed to pay up to $2.225 million.
In addition to financial compensation, the settlement requires Home Depot to “implement enhanced security measures to reduce the risk of a future data,”
Other retailers have faced similar class actions involving data breaches. In December 2015, Target agreed to pay $39 million to settle class actions brought by financial institutions.
Yahoo Data Breach Leads to Class Action
Yahoo was also recently implicated in two large data breaches, leading to a class action lawsuit. The first data breach was announced in September 2016; the internet company said the cyberattack occurred in 2014 and affected 500 million users. In December 2016, Yahoo announced a second data breach that occurred in 2013; more than 1 billion accounts were affected.
Yahoo says compromised information includes names, phone numbers, birth dates, encrypted passwords and security questions. Yahoo is now being investigated by various government agencies over the data breach. In a November 2016 SEC filing, Yahoo said it was cooperating with the SEC, Federal Trade Commission and other government authorities including “a number of State Attorneys General, and the U.S. Attorney’s office for the Southern District of New York.”
The company says the two cyberattacks are not related.
At least one class action lawsuit alleges that the Yahoo data breach compromised personal financial information. The complaint was filed in the U.S. District Court for the Northern District of California on behalf of a small business owner. The plaintiff conducts his online advertising and other business practices through Yahoo.
Although Yahoo says the data breach only compromised email addresses and passwords, the plaintiff alleges that his personal financial information was hacked. “Given that more than three years elapsed before Yahoo disclosed the 2013 data breach and more than two years passed before Yahoo disclosed the 2014 data breach,” the plaintiff “is rightfully skeptical of Yahoo’s self-serving statements,”
The suit alleges that the plaintiff is a victim of identity theft due to the security breach. The lawsuit alleges that fraudulent charges have been placed on his Capital One credit card and Chase debit card. Both of these cards were on file with Yahoo to pay for the company’s services. The lawsuit alleges breach of contract, breach of implied contract, negligence, fraudulent and negligent inducement, and violations of California’s Unfair Competition Law.
Filing a Class Action Lawsuit
If you or someone you know is interested in filing a class action lawsuit, contact Parker Waichman today. Our experienced product liability attorneys offer free, no-obligation case evaluations. For more information, fill out our online form or call 1-800-YOURLAWYER (1-800-968-7529).