CUs, FIs urged to reject Home Depot/MasterCard settlement offer

December 8, 2015

MADISON, Wis. (12/8/15)--Credit unions should not opt-in to the settlement deal recently offered with regard to Home Depot and MasterCard, counsel representing financial institutions in the data breach case against Home Depot said during a conference call Monday.

Many financial institutions that have filed lawsuits against the retailer for the massive breach to hit its stores last year received letters from their card processors outlining vague details of a settlement negotiated between MasterCard and Home Depot.

But the details of how much Home Depot is willing to reimburse are unclear, leading counsel to urge financial institutions involved with the case to either opt-out of the settlement if prompted to do so, or to decline opting in. Multiple versions of the letter have been reported.

“Until Home Depot discloses all of the facts relating to its agreement with MasterCard, we recommend that financial institutions reject any settlement that requires them to release their claims in court and does not offer a significant reimbursement for their losses, beyond what they’re already entitled to,” said Joseph Guglielmo, lead counsel for financial institutions in the case.   

Guglielmo said that the offers appear to fail to adequately reimburse credit unions for their losses. In fact, one credit union was promised operational reimbursement dollars of only $1.18 per qualified account, likely falling far short of operational losses caused by the breach.

Credit unions were hit with nearly $60 million in costs as a result of the breach, according to numbers compiled by CUNA.

Several iterations of the settlement letter gave fast-approaching deadlines by which financial institutions needed to make a decision on the settlement offer. If a credit union prematurely opted in, and now wishes not to do so, it should send a letter to rescind that decision, counsel said.  

“The settlement uses MasterCard’s account data compromise (ADC) program to offer financial institutions partial recovery amounts for their losses sustained during the data breach,” Guglielmo said. “In exchange for this inadequate compensation, financial institutions are being asked to sign a release of all other claims against Home Depot.”

Gugliemlo added that the financial institutions that rejected similar offers from Target ultimately received significantly more reimbursement for the costs they incurred as a result of the breach.

“The settlement agreement announced last week in the litigation over Target’s data breach was a settlement agreement that was reached with financial institutions that did not opt in to the original ADC program,” Gugliemlo added. “That settlement, we believe, established that financial institutions do not need to accept the first offer they receive from these card brands.”

Target recently settled with financial institutions for nearly $40 million.

CUNA continues to urge lawmakers to tighten the data security standards imposed on retailers. Until retailers face the same strict standards that financial institutions are beholden to, critical gaps in the payments network will persist.