Home Depot has agreed to fork over more than $25 million to put to bed a proposed class of financial institutions' data breach claims, a move that could prompt more banks and credit unions to go after the retailers that suffered the data breaches rather than pursue more traditional card brand recovery programs to recoup their losses.
The deal was preliminarily approved on Friday by U.S. District Judge Thomas W. Thrash, who set a final approval hearing for Sept. 22. It comes on top of $140 million that Home Depot has already paid to large issuers such as American Express, Discover and others through card brand recovery processes run by Visa and MasterCard for losses stemming from a 2014 breach that compromised 56 million credit and debit card numbers belonging to Home Depot shoppers...
The lead plaintiffs — which currently include 50 financial institutions from 44 states, as well as 16 state credit union associations and the Credit Union National Association — chose to press their case despite having available to them the programs that Visa and MasterCard use to assess fraud recovery and operating expense recovery amounts owed to acquiring banks whose merchants suffer payment card security breaches.
"What seems to be happening is that a lot of large issuers seem to go through the MasterCard and Visa processes, while the issuers who press the class action tend to be the smaller ones," Haynes and Boone LLP Partner Emily Westridge Black said.
Excerpted from Law360. To read the full article, please click here (subscription required).