Home Depot Moves to Dismiss Breach Suit
Calling it “filled with rhetoric and sensational claims,” Home Depot has filed a motion to dismiss a class-action suit filed by more than 100 plaintiffs, including financial institutions in 44 states, after hackers stole personal and financial information about 56 million customers from the company in 2014.
“Noticeably absent is any plausible allegation of concrete injury traceable to Home Depot U.S.A., Inc. or The Home Depot, Inc.,” the attorneys for the defendants told a Federal District Court. “No individual bank alleges any harm that it specifically incurred as a result of the Home Depot data breach, and the majority of the types of damage the banks seek to recover are expenses voluntarily incurred to protect against possible future harm.”
“The banks claim to have incurred costs for canceling and reissuing payment cards (including cards that had not incurred fraud charges), changing or closing accounts, notifying customers, investigating potentially fraudulent activity, and increasing fraud monitoring ‘on potentially impacted accounts,’” the attorneys argued in a memorandum to the court. “These are all operating expenses that the banks made a business decision to incur to protect against ‘a fear of hypothetical future harm;’ as such, they ‘are not fairly traceable’ to any Home Depot actions.”
Attorneys for the consumer plaintiffs blasted the move.
“While Home Depot tries to characterize these claims as ‘dependent on the hypothetical future acts of third parties,’ – in reality, this harm was the inevitable and predictable result of Home Depot’s indifference to data security,” they wrote in a separate memorandum to the court.
NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt responded to the motion to dismiss on Wednesday, stating, “NAFCU supports all avenues for our members to recover their costs. The issues raised in this lawsuit only highlight the need for national data security standards to prevent breaches in the first place.”