ATLANTA (12/16/15)--U.S. District Chief Judge Thomas Thrash cleared up any ambiguity this week over what types of communications are acceptable between Home Depot and the financial institutions suing the retailer over last year’s massive data breach.
Thrash ordered Monday that settlement offers can only be extended if the settlement has been fully negotiated and finalized between Home Depot and MasterCard or any other card brand.
The offers also must be in writing, contain adequate details of the suit, advise about class member rights and advise that the offered recovery amounts may be less than what is recoverable in litigation.
The order comes on the heels of the settlement letters sent to financial institutions last month that contained incomplete information on a proposed settlement deal. The letters gave plaintiffs mere days to make a decision on whether to accept.
The settlements also likely would not have adequately reimbursed financial institutions for their true losses as a result of the breach, the attorneys representing the financial institutions in the case had found.
Home Depot and MasterCard acknowledged that they’d struck a deal, but the settlement was contingent upon a certain percentage of financial institutions accepting the terms.
Thrash’s order will stop future settlement offers from being sent unless the settlement is final. It also will bar communications from being sent to financial institutions without complete information on the proposed settlements.
Meanwhile, attorneys representing credit unions and the other financial institutions in the case also have asked the judge to vacate any liability releases secured by Home Depot as a result of the notices.
Rather than vacating the liability releases, however, the judge ordered the financial institutions’ attorneys to conduct discovery for evidence that would confirm whether the financial institutions who agreed to the deal felt obligated to accept the terms, and if Home Depot was complicit in the distribution of the letters (CUInfoSecurity.com Dec. 15).
Home Depot and MasterCard “have sought to turn the card recovery process into a pseudo-class settlement that releases all the claims in this litigation,” the attorneys representing financial institutions said in a motion filed last week. “In the meantime, class members have received misleading and coercive messages about what is happening, and are being told they must act immediately or lose their rights.”
The Atlanta-based retailer has denied that it was involved with or aware of the communications sent to credit unions and banks.
The massive breach to hit Home Depot last year cost credit unions nearly $60 million in related costs, according to numbers compiled by CUNA.
CUNA continues to press lawmakers to pass legislation that would require merchants to uphold the same strict data security standards that financial institutions must follow.