Bank lawyers balk at rush for Home Depot, MasterCard breach settlement

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.businessinsurance.com/article/20151204/NEWS06/151209878/bank-lawyers-balk-at-rush-for-home-depot-mastercard-breach

Plaintiff attorneys representing financial institutions in litigation over
Home Depot Inc.’s 2014 cyber breach are angrily denouncing a contingent
settlement reached with MasterCard they say was secretly negotiated, and
recommending their clients reject it.

Terms of the settlement agreement with MasterCard have not been disclosed
in court filings.

A Home Depot spokesman said the retailer had nothing to do with notices
issued on the proposed settlement.

In a statement issued Friday, the attorneys state, “Home Depot has sought
to convince financial institutions that issued MasterCard-branded payment
cards to accept a ‘settlement’ that by all available indications offers
inadequate reimbursement for the losses caused by its data breach.

“In exchange, financial institutions would be required to release their
claims in this litigation and forfeit any opportunity to receive additional
reimbursement.

“Home Depot has concealed critical terms of this agreement with MasterCard,
which was negotiated in secret without the involvement of the court or
court-appointed plaintiffs’ counsel, and is being sold based on
inconsistent and scant information about what it provides. Incredibly,
financial institutions have only been given a few days to make a decision,
suggesting the ‘settlement’ cannot withstand scrutiny.”

Notices sent to financial institutions by payment processors dated Nov. 25
and Nov. 27, which are included in a Nov. 30 court filing, state the
proposed settlement will become effective if 65% of all qualified accounts
accept it, and that financial institutions have until Dec. 2 or Dec. 7 to
respond in order to participate in the settlement.

The Nov. 30 filing with the U.S. District Court in Atlanta seeks an
immediate hearing on the notices sent to the financial institutions
concerning the settlement, and has the same charges reflected in its Friday
statement.

It states the proposed settlement was sent “hours before the Thanksgiving
holiday when class counsel and putative class members would be otherwise
occupied,” and asks that Home Depot be required to provide copies of the
settlement.

The statement issued Friday also refers to the announcement earlier this
week of the$39.4 million settlement between Target Corp. and its financial
institutions.

The Target settlement “proves that financial institutions do not need to
accept the first offer they receive directly from the card brands. By
rejecting MasterCard’s initial offer, financial institutions ultimately
obtained significantly greater compensation in court.

“The Target settlement sets an important precedent by showing that
financial institutions can achieve greater compensation for their losses
through the legal system.”

The statement says also, “Until Home Depot discloses all the facts relating
to its agreement with MasterCard, financial institutions should reject any
settlement that does not offer significant reimbursement for their losses
beyond what they are already entitled to receive under MasterCard’s rules
without releasing their legal claims.”

A Home Depot spokesman said although the company does have a tentative
agreement with MasterCard, “we have not communicated, nor were we aware of,
any communications about the agreement.”

The company reported in a financial filing Nov. 24 that to date it has
incurred $252 million in gross expenses related to the data breach, which
has been partially offset by $100 million of expected insurance proceeds.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!