As Home Depot continues to install new encrypted terminals to replace those infected with malware that affected 56 million payment cards across the United States and Canada, a Canadian law firm is preparing for a huge class-action suit against the giant home improvement retailer.
The Canadian Home Depot stores can expect the new terminals to be delivered and installed by early 2015, but the American stores which were lacking in equipment to handle payment cards with embedded chip and PIN technology had to be immediately addressed.
The Canadian lawsuit, which so far represents as many as four million shoppers, alleges Home Depot breached its fiduciary duty to keep personal data confidential and was negligent in allowing the breach. Additionally, the Merchant Law Group intends to file that Home Depot waited too long to warn customers of the cyberattack, which was first reported on Sept. 2 by Brian Krebs on his blog KrebsOnSecurity.com. Several days later, Home Depot released a statement that its payment system was hit by a security breach, affecting customers using debit and credit cards from April on at its stores in Canada and the United States, adding that no customer would be responsible for any fraudulent charges on their accounts.
Home Depot further offered free identity theft protection and credit monitoring to any customer who used payment/credit cards at any of their 2,264 stores in North America.
Interestingly, the identity theft insurance in the package offered to Canadian customers by Equifax has an upper limit of $50,000 whereas the shoppers in the United States are offered similar protection from insurance firm AllClear with an upper limit of $1 million, which provides legal fee coverage as well.
Home Depot has reported several class-action lawsuits have also been filed in the United States on behalf of customers there. According to Forbes.com, Home Depot estimates that the breach has so far cost the company $62 million, with further costs to come, and $27 million expected to be reimbursed through insurance coverage.
Target announced in August that its breach, which compromised 40 million credit and debit cards in December 2013, cost the company $148 million.