Two men share securities regulation news

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Securities Regulation Daily, December 1, 2016

Home Depot data breach derivative suit dismissed

By Gregory Kane, J.D., M.B.A.

The court dismissed a shareholder derivative action against a home improvement retail giant for failure to meet heightened pleading requirements in relation to corporate mismanagement of its information technology that led to a customer data breach costing the company an estimated $1 billion (In re The Home Depot, Inc., November 30, 2016, Thrash, T.).

Background. The Home Depot is a multinational home improvement retailer incorporated in Delaware with its principal place of business in Georgia. In September 2014, the financial data of 56 million Home Depot customers was stolen due to a breach of the company’s data system. The Board was well aware that the company’s IT and data systems were out of date and well below the required industry standards. The Board had dissolved the committee charged with IT and data security and put those responsibilities with the Audit Committee, although the Audit Committee’s charter was never altered to reflect that change. The Board had approved a plan to improve the company’s cybersecurity, but it was not set for full implementation until 2015. The data breach cost the company an estimated $1 billion.

Demand standard. Under Delaware law, a prerequisite to shareholder derivative actions is that the aggrieved shareholders demand that the board take the desired action. No demand was made in this instance and as such plaintiffs were required not only to prove their claims but demonstrate that the demand was excused because it would have been futile. The primary claim for liability is a breach of duty of loyalty to the company and, with the added demand futility standard required here, plaintiffs would have needed to show with particularized facts beyond a reasonable doubt that a majority of the Board faced substantial liability because it failed to act in the face of a known duty to act—a hurdle too high for the plaintiffs to overcome.

While the Board likely acted too slowly, it had approved a plan to fix many of the security weaknesses then in place which was a reasonable business decision. Plaintiffs also made a claim of corporate waste which, with no particular transaction at issue, was merely a challenge to the board’s business judgment. Lastly, the plaintiffs claimed a violation of Section 14(a) of the Exchange Act because proxy statements at the time omitted any mention of the data security weaknesses of the company. The plaintiffs failed to show, however, that any specific statements in the proxy were misleading or false. For these reasons, the defendants’ motion to dismiss was granted.

The case is No. 1:15-CV-2999-TWT.

Attorneys: Corey Daniel Holzer (Holzer & Holzer, LLC) for Mary Lou Bennek. Cara Marie Peterman (Alston & Bird LLP) for F. Duane Ackerman and The Home Depot, Inc.

Companies: The Home Depot, Inc.

MainStory: TopStory CorporateGovernance CyberPrivacyFeed DirectorsOfficers FiduciaryDuties FormsFilings FraudManipulation PublicCompanyReportingDisclosure GeorgiaNews

Back to Top

Securities Regulation Daily

Introducing Wolters Kluwer Securities Regulation Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.

A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.