A class action lawsuit alleges Home Depot should have done more to prevent a breach of its computer system that compromised millions of customers' store credit card numbers and other personal information.
The plaintiffs in the case -- Harold Hill, Michele Jhingoor, Bruce Holdridge, Scott McGiffid and James Burden -- allege the home-improvement chain knew about a possible breach as early as 2008, but did nothing to prevent an attack.
Home Depot disclosed on Sept. 8 that a breach had occurred and that information from an estimated 56 million in-house customer credit-card accounts was at risk of being stolen. On Nov. 6, the company disclosed that the breach included about 53 million email addresses.
The lawsuit alleges the attack was foreseeable back in 2008, when computer experts allegedly warned Home Depot executives that the company's systems that store personal identifiable information could be easily hacked.
Home Depot allegedly relied on outdated software and did not adequately encrypt customers' information or conduct vulnerability scans of computers, the lawsuit said.
Home Depot offered customers one year of credit monitoring after the breach, but the plaintiffs said the attack left them vulnerable for years to come. The lawsuit also said the company did not offer to pay for attorney costs that a customer might need to investigate possible identity theft.
The plaintiffs are represented by James Evangelista of Harris Penn Lowry LLP; Howard Longman of Stull, Stull & Brody; Gary Graifman of Kantrowitz, Goldhamer & Graifman, P.C.; William Federman of Federman & Sherwood; and Cornelius Dukelow of Abington Cole + Ellery.
United States District Court Northern District of Georgia Atlanta Division case number 1:14-cv-03845.