1 suit vs. Home Depot becomes 2: Judge separates consumers, FIs

January 22, 2015

ATLANTA (1/23/15)--Similar to how the data breach case against Target is being handled in Minnesota, a federal judge in Atlanta peeled financial institutions and consumers apart in their class action lawsuits against Home Depot for its role in the massive data breach to hit its stores last year (The National Law Journal Jan. 22).

The two groups, which include at least nine credit unions on the financial institution side, have sued Home Depot for failing to properly protect consumer personal and payment information, leading to 56 million compromised credit and debit cards nationwide.

The incident cost credit unions alone nearly $60 million to cover the reissuing of compromised cards and other breach-related activity, according to numbers compiled by the Credit Union National Association in the aftermath of the incident.

Credit unions were on the hook for just over $30 million as a result of the Target breach.

Home Depot has retained two separate law firms to handle the parallel lawsuits.

"While many of the legal issues and much of the discovery are common to the claims of both, the cases present significant, distinct factual and legal issues," wrote Thomas Thrash, Northern District of Georgia chief judge (The National Law Journal). "Accordingly, to manage the litigation most efficiently, the court hereby creates separate tracks for the consumer and financial institution cases."

Home Depot spokesperson Stephen Holmes said in an email: "Throughout the investigation and mitigation of the breach, our primary focus has been on our customers. We'll continue to deal with any legal matters in due course and in the proper venue."

CUNA continues pressing lawmakers to pass legislation that would require merchants such as Target and Home Depot to meet the same strict personal payment data standards that are imposed upon financial institutions.