A federal panel is consolidating some of the lawsuits filed against Home Depot in connection with a massive data breach this year, moving the cases to the federal court in Atlanta.
The U.S. Judicial Panel on Multi-District Litigation, in a ruling this week, said the lawsuits filed by credit and debit card customers are similar enough that consolidating them will make proceedings more efficient and convenient for both sides since Home Depot is based in Atlanta and relevant documents and witnesses are more likely to be in the area.
The data breach between April and September potentially exposed payment information for about 56 million credit and debit cards. Most of the lawsuits claim personal financial information was compromised by the security breach, which was blamed on malware.
Home Depot supported consolidation of the cases, the panel said, as did many plaintiffs.
“Throughout the investigation and mitigation of the breach, our primary focus has been on our customers, and we’ll deal with any legal matters in due course and in the proper venue,” Home Depot spokesman Stephen Holmes said.
The decision affects 11 cases: four filed in federal court in Atlanta; three in Illinois; and one each in federal courts in California, Florida, Missouri and New York.
The panel said 19 of the 31 actions and potential “tag-along” cases are pending in the Northern District of Georgia.
In releasing third-quarter financial results last month, Home Depot said it expected breach-related expenses to total $27 million in its fiscal fourth quarter, but only about $6 million for the company after insurance. The company said costs may include liabilities to payment card networks, civil litigation and investigations into the breach.
Since the breach, Home Depot said it has enhanced encryption at checkout terminals and installed new chip-and-PIN technology. The company also said customers will not be responsible for card charges related to the breach.