With over 30 class-action lawsuits already filed against them, David Allison reports that the Home Depot breach may result in an epic court battle, starting with where the multi-district litigation will be consolidated and heard.
But other than the sheer numbers involved (56 million payment cards and 53 million email addresses), is there really anything new or novel about these lawsuits? This certainly is not the first time we’ve seen a large breach where a third-party vendor’s credentials were used to start to worm one’s way into databases. Where is the harm or injury to consumers if banks don’t hold them responsible for fraudulent charges on their cards? And do the banks and credit unions have a contractual relationship with Home Depot that they can use to sue for harm to them? If not, where is that part of the litigation going?
Don’t get me wrong: I’m not saying this is a yawner. I’m just saying that more does not mean different, and I wouldn’t be surprised if the outcome here is no different than we’ve seen in many other breach-related lawsuits.
Ultimately, it may be more interesting to see what, if anything, the FTC does in response to the Target and Home Depot breaches, but even any enforcement action might be a drop in the bucket when we consider how large these corporations are.