Court Dismisses Shareholder Derivative Suit Over 2014 Home Depot Breach

Written by: Richard Sheinis, Esq.

An Atlanta court has dismissed a shareholder derivative suit against Home Depot’s CEO and Board Chairman, Executive Vice-President and Chief Information Officer, and several members of the Board of Directors, arising from the 2014 breach which affected the credit card data of 56 million customers. The suit by Home Depot shareholders alleged that the data breach was foreseeable, and the defendants did not do enough to secure the credit card information of its customers, despite knowledge that their data security was out of date.

The court stated that even though the defendants “probably should have done more” to secure the data, this was not enough to show bad faith, or that the defendants violated their duty of loyalty to Home Depot. There were no false or misleading statements about the company’s data security in Home Depot’s proxy statements. Although the defendants won this case, it is a good lesson for why the C level officers and the Board of Directors of publicly traded companies need to be involved in data security, and not just leave it up to others