Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
The Home Depot will pay $13 million to resolve claims by customers whose personal information was exposed to hackers during a massive data security breach in 2014.
The settlement agreement, filed in March in U.S. District Court in Atlanta, would certify a class of Home Depot customers to include all U.S. residents whose personal information was compromised after they used payment cards at self-checkout lanes at U.S. Home Depot stores between April 10, 2014, and Sept. 13, 2014, according to court papers.
Home Depot has said that the breach ‘ which exposed customers’ payment card account numbers, expiration dates and cardholder names’affected as many as 56 million customers. Lawyers from nine law firms that were members of a steering committee shepherding the multidistrict litigation, including former Georgia Gov. Roy Barnes, on Monday asked U.S. District Chief Judge Thomas Thrash Jr. to grant preliminary approval of the settlement and certify the consumer class. Barnes is liaison counsel for the consumers.
The agreement says Home Depot will also pay reasonable legal fees, costs and expenses, up to $8,475,000 in fees and legal costs and expenses that do not exceed $300,000.
King & Spalding represented Home Depot. Company spokesman Stephen Holmes said that settling the case was the most expeditious path to ‘put the litigation behind us,’ adding that the settlement was not an admission of liability.’Home Depot customers, he said, were not held responsible for any fraudulent charges made against their accounts.’ And although he acknowledged that customers’ credit card numbers were exposed, he said that Home Depot has no evidence that customers’ PIN numbers’were compromised. ‘
Barnes and partner John Bevis were not available for comment.
The $13 million settlement fund will compensate class members for out-of-pocket losses, unreimbursed charges and other substantiated losses, up to a maximum of $10,000. Class members may also submit claims with supporting documentation to receive reimbursement for up to five hours, at $15 an hour, for time spent remedying issues relating to the data breach, according to settlement documents. Those who cannot separately document their time may self-certify the amount of time they spent without documentation and claim up to two hours at $15 an hour. Home Depot has also agreed to fund 18 months of identity protection for the class members whose payment cards were compromised.
Home Depot also has agreed to implement specific data security measures in its U.S. stores for at least two years. Those measures include creating a chief information security officer; the routine performance of product and data risk assessments; implementing safeguards as a result of those risk assessments; and setting standards for the selection and retention of service providers or vendors whose data security practices are consistent with industry standards.
Home Depot will also provide written notice to store customers disclosing the storage and use of customer information; provide employee education and training regarding customer privacy and security; and implement enhanced security measures at the point of sale. Home Depot also will encrypt all payment card data at the point of sale; and will not retain card security code data, PIN numbers or the full contents of magnetic stripe data for longer than 48 hours.
The settlement includes only Home Depot customers.
Financial institutions that issued credit or debit cards to customers that were compromised by the data breach also have sued Home Depot for damages incurred by the breach. Those cases are still being litigated.
‘–’R. Robin McDonald, Daily Report
EU Privacy Pushback Prompts Lawyers to Look For Plan B
Companies that thought the new U.S.-EU "Privacy Shield" would restore legal certainty around trans-Atlantic data transfers may want to think again.
Beginning with the June Issue, e-Commerce Law & Strategy will no longer exist as a single entity. Instead, it will continue its evolution into our all-new, cutting-edge title: Cybersecurity Law & Strategy.
Does Adoption of Cloud Computing Shift Cyber Liability Risk?
The rapid adoption of cloud computing has attracted companies that seek to lower their information technology costs. At the same time, it is reported that there has been an increase in data loss and an increase in cyber-liability claims against companies. But the biggest vendors in the cloud computing industry want to push the risk of penetration of their systems onto their customers adopting the technology.
Law Firms Grapple With Cybersecurity Issues and Regulatory Risks
Security is always a concern for law firms, and the risks have only grown in recent years. Increasingly, attorneys, staff and clients have become more mobile and rely on an array of laptops, smartphones and tablets to stay connected 24/7. As more data is created and resides in more places, it becomes more vulnerable.