223 F. Supp. 3d 1317
N.D. Ga. 2016
Background
- Home Depot suffered a massive data breach in 2014 that exposed payment-card data for ~56 million customers; remediation ultimately cost the company hundreds of millions and losses were estimated far higher.
- Plaintiffs (Home Depot shareholders Bennek and Frohman) filed a derivative action against Home Depot and multiple current/former officers and directors alleging breach of fiduciary duty (duty of loyalty), corporate waste, and Section 14(a) violations based on alleged failures to oversee cybersecurity and purported deficiencies in proxy disclosures.
- Key factual allegations: Home Depot disbanded an Infrastructure Committee in 2012; responsibility for IT/security was said to shift to the Audit Committee though its charter was not formally amended; management repeatedly informed the Board that Home Depot was out of PCI-DSS compliance and that remediation would take time.
- Plaintiffs contend the Board knew of security deficiencies, but implemented a slow remediation plan (completion projected February 2015) that failed to prevent the 2014 breach; plaintiffs claim demand on the board would have been futile.
- Defendants moved to dismiss under Fed. R. Civ. P. 12(b)(6) and the derivative-demand rule (Rule 23.1); the Court applies Delaware law on demand futility because Home Depot is a Delaware corporation.
- Court: demand was required and not excused because plaintiffs failed to plead particularized facts showing a majority of directors were interested, lacked independence, or faced a substantial likelihood of liability on the asserted claims.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Demand requirement / demand futility | Demand excused because majority of directors were named defendants and faced substantial likelihood of liability for failing to oversee cybersecurity | Demand required; plaintiffs must plead particularized facts creating reasonable doubt of board independence/disinterestedness | Demand not excused; plaintiffs failed to plead particularized facts showing majority of directors were incapable of impartial decision-making |
| Duty of loyalty / failure of oversight (Caremark-type claim) | Board consciously disregarded duties by failing to ensure proper oversight, disbanding Infrastructure Committee, not amending Audit Committee charter, and implementing an inadequate/slow remediation plan | Board received reports, had a remediation plan and acted; mere poor business judgment or slow implementation does not show bad faith or conscious failure to act | Dismissed for lack of particularized facts showing directors “utterly” failed to act; business judgment protects the Board’s actions |
| Corporate waste | Board’s slow response and resulting losses constituted waste of corporate assets | There was no one-sided, gift-like transfer; plaintiffs challenge business judgment, not an unconsummated exchange | Dismissed: no transaction or unconscionable transfer alleged; compensation argument raised in opposition cannot amend complaint and, on merits, is protected by business judgment |
| Section 14(a) proxy omissions and PSLRA pleading | Proxies omitted material facts about security threats and Audit Committee charter status, so directors liable under §14(a) | §14(a) claims are subject to the demand requirement; plaintiffs failed to plead particularized omissions, materiality, and causation; PSLRA’s heightened pleading standards apply | Dismissed: plaintiffs failed to identify misleading statements, show a duty to disclose, satisfy PSLRA particularity, or establish transaction/loss causation |
Key Cases Cited
- Aronson v. Lewis, 473 A.2d 805 (Del. Ch. 1984) (demand futility test when challenging a business decision)
- Rales v. Blasband, 634 A.2d 927 (Del. 1993) (demand futility framework when board did not make the challenged decision)
- Lyondell Chem. Co. v. Ryan, 970 A.2d 235 (Del. 2009) (standards for pleading oversight/breach-of-duty claims)
- Brehm v. Eisner, 746 A.2d 244 (Del. 2000) (business judgment rule and bad faith standards)
- Stoneridge Inv. Partners LLC v. Scientific-Atlanta, 552 U.S. 148 (2008) (causation principles in securities-related claims)
- Virginia Bankshares, Inc. v. Sandberg, 501 U.S. 1083 (1991) (materiality standard for proxy disclosure)
- Ashcroft v. Iqbal, 556 U.S. 662 (2009) (plausibility pleading standard under Rule 12(b)(6))
- Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007) (pleading standards requiring plausibility)
