Based upon the information we are learning, it could be.
Way back in 2011 I wrote Data Breach — Who’s Gonna Get it? and it scared people. For good reason. In that piece I wrote of how one day, in the future, a company would come along that had clear and unequivocal knowledge of the risk posed by data breach and, despite that knowledge, ignored it.
Then, because it knew of the risks, but chose to ignore those risks, there would be no forgiveness when its time for judgment came and it would have to pay the price for ignoring this risk.
I expected that judgment to come from a jury. Data breach lawsuits based on privacy rights are are having a difficult time in the courts because the plaintiffs are unable to show they suffered any actual harm. However, enterprising lawyers are finding a way around these impediments by looking to companies’ contractual documents and websites to find things such as Privacy Policies, Terms of Service, and other literature making representations about security and using those documents to serve as the premise for deceptive trade practices claims. A case against Home Depot just may be able to get to a jury on these types of claims.
Or, the judgment could — and likely will — also come from elsewhere such as the FTC or attorneys general of many states.
If true, there will be a price to pay
Regardless of where it comes from, the ultimate price that Home Depot pays for this data breach could be of record proportions and make the costs Target paid for its breach pale in comparison. Why?
Because, according to the statements below, Home Depot knew the risks, was fully aware of scope of the risks, knew the consequences of those risks, could have taken steps to mitigate those risks, but instead, it consciously ignored them. If these statements prove to be accurate, sit back and get ready to watch because this one could get interesting:
The risks were clear to computer experts inside Home Depot: The home improvement chain, they warned for years, might be easy prey for hackers.
But despite alarms as far back as 2008, Home Depot was slow to raise its defenses, according to former employees. On Thursday, the company confirmed what many had feared: The biggest data breach in retailing history had compromised 56 million of its customers’ credit cards. The data has popped up on black markets and, by one estimate, could be used to make $3 billion in illegal purchases.