FIs blast Home Depot’s ‘coercive’ tactic in data breach suit

November 12, 2015

ATLANTA (11/12/15)--The credit unions and other financial institutions behind a class action lawsuit against Home Depot over its massive data breach in 2014 are countering a move this week by the retail giant: Home Depot has asked the court for authorization to freely communicate directly with absent class-action members about potential settlements it may reach with card companies.

Home Depot’s legal team has requested permission to communicate with financial institutions about settlements it could reach with Visa and MasterCard. But the plaintiffs in the case, which include 17 credit union organizations, say that the move could lead to the distribution of coercive or misleading information (Law360 Nov. 10).

“Coupling receipt of the benefits of the [credit brand] recovery processes with a general release that prohibits class members from participating in this case is inherently misleading and ripe for abuse, particularly when class counsel are completely shut out of the process,” the plaintiffs wrote. “To the extent that Home Depot is not attempting to issue coercive or misleading statements, it should have no problem presenting them first to class counsel and allowing the court to decide any disputes.”

The plaintiffs believe that permitting Home Depot to communicate about its potential card company settlements, without giving counsel on the financial institution side the opportunity to see those communications in advance, would make it possible for the communications to be inaccurate and coercive. That could limit the financial institutions’ ability to accurately weigh their potential claims and determine whether they might recover more in the class action suit than they might under the proposed settlement.

The breach, which compromised nearly 60 million credit and debit cards nationwide, cost credit unions and their members tens of millions of dollars, according to CUNA numbers.

CUNA continues to fight for legislation that would ratchet up cybersecurity requirements for merchants, which don’t face the same very strict standards with which financial institutions must comply.