home depotDuring the period 2014-2015, several companies –including Home Depot — that had experienced high-profile data breaches were hit with cybersecurity-related D&O lawsuits. All of these lawsuits, including the one against Home Depot, were dismissed. The plaintiffs in the Home Depot case filed an appeal of the dismissal. Now it appears that while the appeal was pending the parties to the Home Depot data breach-related derivative lawsuit have reached a settlement. The settlement could have interesting implications for the plaintiffs’ bar’s ongoing efforts to pursue data breach related D&O litigation.
Continue Reading Home Depot Settles Data Breach-Related Derivative Lawsuit

Clabby_Jack (1)
John E. Clabby
Joseph W. Swanson

As I noted in a September 9, 2015 post (here), a Home Depot shareholder has filed a data breach-related derivative lawsuit against certain of the company’s directors and officers, in which the plaintiff contends that the defendants breached their fiduciary duties by failing to ensure that customer credit card information was secure and protected. A copy of the complaint can be found here.

In the following guest post, John E. Clabby and Joseph W. Swanson of the Carlton Fields Jorden Burt law firm take a look at the Home Depot data breach D&O lawsuit and provide their views on what the lawsuit may foreshadow for future D&O litigation. Jack and Joe also  review what they think are the lessons for corporate boards and managers from the lawsuit’s allegations, as well as the implications of the lawsuit for companies that experience a data breach in the future.

I would like to thank Jack and Joe for their willingness to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to readers of this blog. Please contact me directly if you would like to submit a guest post. Here is Jack and Joe’s guest post.



Ending months of speculation, a shareholder has finally filed a derivative lawsuit against the directors and management of The Home Depot, Inc., in connection with the massive data breach the company suffered in 2014. The complaint, which alleges breach of fiduciary duty and corporate waste, fits the emerging template of shareholder derivative lawsuits after breaches at public companies. As such, it is worth a closer analysis for those whose jobs include protection of public companies and their boards from and during data breaches, both directly through more robust cybersecurity measures and indirectly through director and officer insurance and cyber-risk policies.
Continue Reading Guest Post: Preparing for a Cyber Caremark Lawsuit: Lessons from the Home Depot Derivative Complaint

homedepotIn early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. (here) and Wyndham Worldwide (here), there was some speculation that these cases might be the first of what could become a wave of data-breach related D&O lawsuits. But then the Wyndham Worldwide case was dismissed (refer here) and no new data breach-related D&O lawsuits followed, even though there were several high profile data breaches after that time (including Sony Entertainment, Anthem and Home Depot). Although many predicted that more D&O lawsuits were to come, the suits themselves did not materialize. There were, however, some suggestions that a lawsuit against Home Depot might eventually arrive, as a plaintiff initiated a books and records action in Delaware Chancery Court against the company.

The wondering and waiting about whether or not there will be a Home Depot data breach-related D&O lawsuit is now over. A Home Depot data breach-related shareholder’s derivative lawsuit has been filed in the Northern District of Georgia. On September 2, 2015, a plaintiff shareholder filed a redacted complaint in a lawsuit against Home Depot, as nominal defendant, and twelve Home Depot directors and officers, alleging that the defendants breached “their fiduciary duties of loyalty, good faith, and due care by knowingly and in conscious disregard of their duties failing to ensure that Home Depot took reasonable measures to protect its customers’ personal and financial information.” The redacted version of the plaintiff’s complaint can be found here. (Please see below for further explanation about the timing of the filing of the plaintiff’s lawsuit and the redactions to the complaint.)
Continue Reading Data Breach-Related Derivative Lawsuit Filed against Home Depot Directors and Officers