Home Depot last week asked a Georgia district court to dismiss a consumer class action lawsuit over the retailer’s 2014 data breach, stating that none of the plaintiffs have sustained any actual harm, nor are any of the alleged claims of harm “traceable” to Home Depot’s breach.
“The length of the complaint and the number of named plaintiffs does not mask this simple conclusion. No two of these plaintiffs’ alleged experiences are alike, much less would any of their claims predominate across the alleged classes,” stated Home Depot in its filing. “Consistent with Home Depot’s promise that its customers would not be liable for any fraudulent charges on their payment cards arising from the breach, most of the named plaintiffs admit that they have been fully reimbursed for their losses and do not even allege any monetary loss. The few plaintiffs who allege some economic harm fail to explain why the losses they allege were not reimbursed.”
Courts have varied in ruling whether data breach litigation plaintiffs have Article III standing in their claims. The judge in a consumer class action against Target, for example, determined that the inconvenience associated with resolving identity theft or stolen credit cards could be considered enough for a class action to proceed.
Also pending against Home Depot is a lawsuit filed by financial institutions responsible for reimbursing consumers for fraudulent transactions. The complaint by banks focuses on the alleged negligence of Home Depot in securing its system, highlighting a comment from retired Home Depot CEO and current chairman of the board Frank Blake
“If we rewind the tape, our security systems could have been better…Data security just wasn’t high enough in our mission statement,” the banks’ complaint quotes Blake as saying.
“The financial costs caused by Home Depot’s misconduct have been borne in large part by the institutions that issued the payment cards compromised by the breach. These costs include, but are not limited to, canceling and reissuing millions of compromised cards and reimbursing their customers for fraudulent charges. Industry sources estimate that community banks and credit unions – which together issued only a fraction of the compromised cards – incurred more than $150 million in reissuance costs alone. Industry sources further estimate that the total fraud losses for all financial institutions are in the billions of dollars,” the banks said. Home Depot has not responded to this complaint, filed May 27.