FOR IMMEDIATE RELEASE

Contact: Vicki Christner – CUNA Communications; 202-329-9950; vchristner@cuna.coop

Washington, DC (March 9, 2017) – A proposed settlement was submitted to the court for approval Wednesday which would conclude the data breach lawsuit brought against Home Depot stemming from a 2014 data breach. CUNA, state leagues and a number of credit unions are among the plaintiffs.

“Credit unions and their members have unfortunately borne the brunt of lax merchant data security standards.  This settlement would be a step toward making them whole again. We believe this settlement represents one of the better outcomes in data breach litigation,” said CUNA President/CEO Jim Nussle. “We’re hopeful credit unions will see more victories in data breach suits going forward. In the meantime, CUNA will continue pursuing a legislative solution that will result in stricter merchant data security standards, making it much harder for merchants to compromise payment card information.”

Home Depot acknowledged that the September 2014 data breach compromised 56 million credit and debit cards. CUNA’s research into the data breach found that it cost credit unions around $60 million.

Terms of the settlement include:

• Home Depot agrees to pay $25 million into a settlement fund for distribution through a claims process to financial institutions that have not previously released their legal rights to recovery;
• Financial institutions that file a valid claim will be eligible to receive a fixed payment estimated to be $2.00 per compromised card without having to submit documentation of their losses and regardless of whether any compensation has already been received from another source;
• In addition, financial institutions that submit proof of losses are also eligible for a supplemental award of up to 60% of their documented, uncompensated losses from the data breach;
• Home Depot has also agreed to pay up to $2.225 million to entities whose claims were released by a sponsor (such as a card processor) in connection with the Account Data Compromise recovery program. Eligible sponsored entities that submit a valid claim will be entitled to a payment of approximately $2.00 per compromised card;
• As demanded by the associational plaintiffs like CUNA and the Leagues, Home Depot will strengthen its future data security measures to reduce the risk of another data breach;
• Home Depot will separately pay the costs of notice, administration, and court ordered fees and expenses associated with the class action suit; and
• Subject to court approval, a service award of up to $2,500 will be paid to each financial institution named in the Consolidated Class Action Complaint.

If the court approves the settlement, a claims process mechanism will be set up for interested credit unions to file their claim.  CUNA will provide further information when that mechanism is established. 

CUNA is also a plaintiff in a class action lawsuit against Wendy’s, as a result of a data breach suffered around fall 2015.