Large-scale corporate data breaches have unfortunately become increasingly common events, posing a variety of challenges to the companies that suffer them. A few weeks ago, a district court in Georgia dismissed one of the first shareholder derivative actions that challenged the adequacy of a corporation’s data-breach prevention strategy. While that court held that the business judgment rule shielded the company’s actions, it remains to be seen whether that position becomes the majority one.
Background
On Nov. 30, 2016, the U.S. District Court for the Northern District of Georgia dismissed a derivative action brought by shareholders of home improvements giant The Home Depot, Inc. in the wake of a 2014 data breach, in which hackers stole over 56 million customers’ personal financial information. All told, according to the complaint, the breach could cost Home Depot nearly $10 billion in liability from credit-card fraud, card reissuances, and lawsuits from banks and credit unions that suffered from the breach.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
