Credit giant MasterCard is working on a settlement for its card issuers with Home Depot over the home improvement retailer’s 2014 security breach.
But on Friday, legal teams representing big financial institutions in a class-action lawsuit against the Atlanta retailer called on the banks to reject the settlement, arguing it would require them to forfeit any award that might come from the class-action suit.
“Home Depot has sought to convince financial institutions that issued MasterCard-branded payment cards to accept a ‘settlement’ that by all available indications offers inadequate reimbursement for the losses caused by its data breach,” the class-action lawyers said in a statement.
Home Depot spokesman Stephen Holmes said the company did not send any communications to banks nor were company officials aware of any communications.
Home Depot announced in September 2014 that an estimated 56 million “unique” payment cards had been breached at its stores in the U.S. and Canada. In addition to the exposed credit information, about 53 million email addresses also were hacked.
Attorneys in the class action lawsuit pointed to the $39 million class-action settlement the banks reached with retailer Target on Wednesday as an example of why banks should hold out. MasterCard had settled with Target, which was breached in 2013, for $19 million in April, but banks rejected the offer as too low.
The potential deal is in the hands of MasterCard issuer banks, who must sign off on it before a settlement is reached. The amount of the agreement has not been disclosed.
“As part of those negotiations, we have presented offers to several issuing customers significantly impacted by the breach,” MasterCard spokesman Seth Eisen wrote in an email. “Those offers provide an option to resolve the matter with a defined financial reimbursement. But, the decision is theirs; they maintain the right to choose to continue to pursue other options.”
To date, Home Depot expenses related to the breach have reached $252 million, which will partly be paid from a $100 million insurance policy on network security and privacy liability.
About the Author
