Two days after retailer Home Depot confirmed that its payment data systems were breached, a class action lawsuit was filed in federal court in East St. Louis.
Plaintiffs Michael Marko of Godfrey and Mike's Inc. of South Roxana filed a complaint Sept. 10 on behalf of themselves and others claiming their personally identifiable information, including names, addresses, phone numbers, email addresses, credit and debit card numbers, card expiration dates and card security codes, was stolen.
Represented by attorneys at Carey, Danis and Lowe of St. Louis, plaintiffs seek actual, economic, statutory, nominal and exemplary damages, as well as injunctive relief, attorneys’ fees, litigation expenses and costs of suit.
They say that Home Depot could have prevented the breach, but that it did not likely not comply with industry data security standards.
"The improper use of Defendant Home Depot’s customers’ PII (personally identifiable information) by unauthorized third parties can and did result in an adverse impact on, among other things, a victim’s credit rating and finances," the suit states. "The type of wrongful PII disclosure made by Defendant Home Depot is the most harmful because it generally takes a significant amount of time for a victim to become aware of misuse of that PII."
Plaintiffs also say that Home Depot’s alleged conduct was "amplified" by a failure to provide reasonable notice of the breach to customers. They say the company did not provide notice until after Sept. 2 and only by disclosing a statement that there "'might'" be a 'possible payment data breach.'"
"The aforementioned statement was not one designed to notify affected customers directly," the suit states. "Instead, Defendant Home Depot posted the statement on its corporate website (not on the shopping site regularly accessed by customers)."
On Sept. 9, the company issued a statement that its investigation was focusing on transactions that occurred from April forward.
“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said company CEO and chairman Frank Blake. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”