Monday, December 29, 2014 - A number of the lawsuits filed against Home Depot in the wake of the data breach the home improvement retailer suffered in April were consolidated into multidistrict litigation in Atlanta on December 11. The breach didn‘t make headlines until September, but soon after it became public lawsuits were filed and have quickly been consolidated into an MDL. The MDL is currently comprised of 11 separate lawsuits, and there are reportedly 44 civil suits pending related to the breach.
Claims within lawsuit allege that Home Depot‘s data security had been compromised from approximately late April until early September, when the first suits were filed. The specific network that was compromised was the point of sale system that dealt directly with customers‘ credit and debit cards, which also holds additional personal information about their customers. There were roughly 56 million credit and debit cards that could have possibly been effected by the breach. There were reports that the information gathered in the breach was later offered for sale on "rescator.cc," which is a website that deals in trafficking stolen credit and debit card information.
The delay between the breach and when it‘s existence was made public is also problematic for the plaintiffs, as roughly four months passed between the two events. Home Depot even put out a notice that there was the possibility of a breach a week before they finally confirmed one. The breach did not affect online stores, but only brick and mortar establishments in the U.S. and Canada.
The Home Depot breach was the second largest on record, trailing only the TJX Companies records heist that occurred in 2007, compromising the information of 90 million customers. Home Depot claims that the malware has been eradicated and that no pin numbers belonging to the debit cards had been stolen. Unlike a similar breach that happened to Target late in 2013, this breach has not seemed to drastically affect Home Depot‘s customer loyalty. Still, the company claims to have spent over $40 million in the 2014 third quarter dealing with the fallout of the breach and final totals could reach over $100 millon. Some analysts consider Home Depot lucky because the Target breach may have removed some of the shock factor and perceived risk a data breach could pose for a company.
Credit and Debit card customers claim that the data breach that took place allowed the perpetrators access to sensitive information. The breach allegedly revealed email addresses and payment information for millions of Home Depot customers. The data hackers could also decipher the specific location where the card was used. There are multiple warnings on Home Depot websites warning of the information that was stolen and different ways customers can protect themselves from identity predators attempting to use this information against them.
Home Depot has already sunk millions into managing the breach and worry that he ensuing lawsuits could jeopardize business, possibly resulting in additional costs and fines at their stores.The retailer has also said that it is possible that credit card companies whose customers were effected by the data breach will pursue litigation against the store. These suits would seek to recover damages such as reclaiming counterfeit fraud losses and money to cover the cost of reissuing new cards.