Home Depot Faces Multiple Lawsuits Over Massive Data Breach

A growing number of lawsuits continue to be filed over the recent Home Depot data breach, which the company admits resulted in hackers gaining access to credit and debit card information for at least 56 million cards used by its customers. 

The financial security breach may be the largest ever, and some say that the company failed to stop a version of malware that was already known to be a problem, and should have been blocked.

The attack reportedly went on for a five month period, with a number of fraudulent transactions linked to the data breach. Hackers are believed to have accessed the systems of all 2,200 Home Depot stores through point of use terminals, which has the company facing claims of negligence.

In addition to a number of Home Depot class action lawsuits that have been filed since discovery of the breach, First NBC Bank also filed a lawsuit against the company on September 22 in U.S. District Court in New Orleans, and it is expected that other financial institutions may bring similar claims.

In response to the mounting litigation, a group of plaintiffs filed a motion(PDF) with the U.S. Judicial Panel on Multidistrict Litigation (JPML), seeking to consolidate all of the Home Depot data breach lawsuits before one federal judge for pretrial proceedings. At the time the request was filed on September 15, there were three cases pending. However, that number has reportedly already climbed to more than a dozen.

While Home Depot has said that the hackers did not obtain customers’ PIN numbers, the stolen credit card information has already appeared on websites known to traffic in stolen consumer information, the lawsuits claim.

“The data network contained the personal financial information of hundreds of thousands, if not millions, of customers. The ramifications of this security breach are severe,” the motion states. “The thieves can use the financial information to create fake credit and debit cards that can be used to commit fraud and other crimes.”

The plaintiffs in the Home Depot lawsuits have asked that the cases be centralized in the Northern District of Georgia, to reduce duplicative discovery in the cases, avoid conflicting rulings from different judges and to serve the convenience of common witnesses, parties and courts.

In the lawsuit filed by First NBC, the financial institution alleges that Home Depot should have protected itself better, and as a result, First NBC and other banks will bear the brunt of absorbing losses from fraud and compensating customers whose financial information is abused.

JP Morgan Chase, Capital One and other banks have already indicated that they plan to send new credit and debit cards to all customers affected.

Home Depot’s Response

Home Depot officials have said that they will offer credit monitoring services to those whose data was compromised.

In a press release issued on September 18, Home Depot apologized for the incident and said it has installed new technology to better protect customer financial data. The company denied that the malware had been used before against other companies.

“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” Frank Blake, chairman and CEO, said in the press release. “from the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”

The attorneys general of California, Connecticut, Illinois, Iowa and New York have said they will begin an investigation into the data breach and the company’s efforts to defend consumer data. At least two U.S. Senators have also called for an investigation.

Photo Courtesy of Mike Mozart via Flickr