Home Depot has reached a proposed multimillion-dollar settlement with financial institutions affected by its 2014 data breach, according to documents filed in a U.S. District Court.
The retailer agreed to pay up to $25 million to affected financial institutions, as well as up to $2.25 million to entities whose claims were released by a sponsor such as a card processor. Class members that file valid claims will get a “fixed payment award” of about $2 per compromised card without having to prove their losses, even if they've received compensation from another source.
Financial institutions that can prove their losses may get an additional “documented damages award” of up to 60% of their uncompensated costs, according to the settlement documents. The settlement fund excludes attorneys' fees.
“Credit unions and their members have unfortunately borne the brunt of lax merchant data security standards. This settlement would be a step toward making them whole again. We believe this settlement represents one of the better outcomes in data breach litigation,” CUNA President/CEO Jim Nussle said. “We're hopeful credit unions will see more victories in data breach suits going forward. In the meantime, CUNA will continue pursuing a legislative solution that will result in stricter merchant data security standards, making it much harder for merchants to compromise payment card information.”
In September 2014, Home Depot announced that hackers stole payment card data from customers who made purchases at self-checkout terminals between April 10, 2014, and Sept. 13, 2014. The hackers also stole a separate file of customer email addresses.
The new multimillion-dollar proposed settlement is the latest in a series of payouts associated with Home Depot's data breach.
The home improvement retailer has spent approximately $14.5 million on premiums to MasterCard and Visa issuers in exchange for releases, as well as $79 million under Visa's GCAR program and $41 million under MasterCard's ADC program to partially compensate financial institutions for their losses, according to a court filing from an attorney representing the financial institutions.
Coupled with amounts paid in settlements with American Express and Discover, the plaintiffs estimated Home Depot has already paid more than $140 million to financial institutions.
In addition, in March 2016, Home Depot agreed to pay $13 million to consumers affected by the data breach, as well as at least $6.5 million to provide them with 18 months of identity protection services. That's excluding attorneys' fees.
As part of its latest settlement agreement, which is 74 pages long, Home Depot agreed to track and manage its data security risk assessments using a risk-exception process; conduct annual reviews of service providers and vendors that have access to payment card information to ensure their compliance with security practices, and create a security-control framework. It did not admit to any liability or wrongdoing.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
