In re The Home Depot, Inc. Shareholder Derivative Litigation

223 F. Supp. 3d 1317, 2016 U.S. Dist. LEXIS 164841, 2016 WL 6995676

• Court: District Court, N.D. Georgia
• Decided: November 30, 2016
• Docket: CIVIL ACTION FILE NO. 1:15-CV-2999-TWT
• Status: Published

Opinion

OPINION AND ORDER

THOMAS W. THRASH, JR., United States District Judge

This is a shareholder derivative action. It is before the Court on the Defendants’ Motion to Dismiss [Doc. 45]. For the reasons set forth below, the Defendants’ Motion to Dismiss [Doc. 45] is GRANTED.

I. Background

This case arises out of the breach of Home Depot’s security systems and the theft of them customers’ personal financial data (the “Breach”) over the course of several months in 2014. Plaintiffs Bennek and Frohman are current Home Depot shareholders, and held shares in Home Depot at the time of the Breach.¹ The nominal Defendant, The Home Depot, Inc. (“Home Depot”) is a multinational home improvement retailer that is incorporated in Delaware, with its principal place of business in Georgia.²

Included as defendants in the suit are three current and former officers of Home Depot (the “Officers”). Francis Blake was previously Chairman of the Board from January 2007 to February 2015, and served as CEO during that time until November 2014. Matthew Carey is Home Depot’s Executive Vice President and Chief Information Officer (“CIO”). Craig Menear served as President of Home Depot’s retail division from February to October 2014, and was appointed as CEO, President, and placed on the Board on November 1, 2014. On February 2, 2015, Menear was appointed Chairman of the Board.³

Also included as defendants are a number of current and former members of Home Depot’s Board of Directors. Home Depot’s Board currently consists of twelve members, nine of whom are named as defendants.⁴ One of them is Menear, who is also the Company’s CEO and President.⁵ The remaining eight current directors are Defendants Bousbib, Bren-neman, Brown, A. Carey, Codina, Foulkes, Katen, and Vadon, all of whom were Directors when the Breach occurred (collectively, the “Outside Directors”).⁶ Defendants Hill and Ackerman are former Directors who were on the Board during the Breach (collectively, the “Former Directors”).⁷

On September 2, 2014, Home Depot learned that it may have been the victim of a criminal breach of its payment card data systems.⁸ After an investigation, Home Depot confirmed that the Breach had occurred and that hackers had managed to steal the financial data of 56 million customers between April and September of 2014.⁹ This followed on the heels of a number of well publicized data breaches that occurred at major retailers like Target and Neiman Marcus the previous year.¹⁰ The hackers used a third-party vendor’s user name and password to enter into Home Depot’s network.¹¹ The hackers then gained elevated rights which allowed them to access the rest of Home Depot’s network and install a custom version of mal-ware called BlackPOS.¹² A similar version of BlackPOS was used in the Target data breach a few months prior, and essentially allowed the hackers to capture a customer’s financial data every time a card was swiped at one of Home Depot’s Point of Sale (“POS”) terminals (e.g., a cash register).¹³ A little over a year after the Breach occurred, Home Depot reported that it had registered a net cost to the Company of $152 million.¹⁴ After all is said and done, the total cost to Home Depot because of the Breach has been estimated to eventually reach nearly $10 billion.¹⁵

In August of 2015, Bennek filed a derivative complaint against Home Depot, and Frohman’s derivative case was later consolidated with Bennek’s. The Plaintiffs allege that the Defendants breached their duty of loyalty to Home Depot because the Defendants failed to institute internal controls sufficient to oversee the risks that Home Depot faced in the event of a breach and because they disbanded a Board of Directors committee that was supposed to have oversight of those risks.¹⁶ As a result of their alleged failure to take the risk of a data breach seriously and immediately implement security measures, the Breach occurred.¹⁷ The Plaintiffs also allege that the Defendants wasted corporate assets, and that the Current Directors violated Section 14(a) of the Securities Exchange Act in their 2014 and 2015 proxy filings.¹⁸

All of the Plaintiffs’ charges against the Defendants ultimately relate to what the Defendants knew before the Breach and what they did about that knowledge. According to the Complaint, Home Depot’s by-laws authorized the Board to delegate any or all of its powers to committees to the extent allowed by law.¹⁹ The by-laws provided for no procedure to do this, other than referencing resolutions of the Board.²⁰ The Company’s Governance Guidelines, however, said that the roles of committees are defined “by the Company’s by-laws and by Committee charters adopted by the Board.”²¹ When it came to overseeing the company’s information technology (IT) and digital security, Home Depot had previously instituted what was called the Infrastructure Committee.²² The Infrastructure Committee, however, was dissolved by Home Depot in May 2012.²³

Home Depot said in its 2012 Proxy Statement that the responsibility for IT and data security which had previously been the domain of the Infrastructure Committee was now being borne by the Audit Committee.²⁴ However, the Audit Committee’s charter was never amended to reflect this change.²⁵ And according to the Complaint, Home Depot’s 2014 and 2015 Proxy Statements, which were issued after the Breach had begun, did not include any indication that the Audit Committee’s charter had not been changed to reflect its new duties.²⁶

In addition to raising the issue of whether anyone had proper oversight over IT and data security, the Complaint also alleges a number of deficiencies in Home Depot’s network security as it stood at the time of the Breach. According to the Complaint, Home Depot’s contracts with financial institutions required them to comply with the Payment Card Industry Data Security Standards (“PCI DSS”), which established a minimum level of protection for data security.²⁷ PCI DSS 2.0, the version of the standards in place at the time of the Breach, required Home Depot to: (1) install and maintain a firewall, (2) protect against malware and regularly update its anti-virus software, (3) encrypt transmission of cardholder data, (4) not store cardholder data beyond the time necessary to authorize a transaction, (5) limit access to payment card data, and (6) to regularly test its data security systems.²⁸

On multiple occasions before the Breach, the Board and the Audit Committee were informed by M. Carey that Home Depot was out of compliance with PCI DSS on multiple levels.²⁹ M. Carey acknowledged that Home Depot was out of compliance, and admitted that Home Depot would likely continue to be out of compliance until February 2015,³⁰ M. Carey assured the Board that there was a plan in place, and that it was in the process of being implemented.³¹ During this time, the Board continued to receive regular updates from M. Carey.³²

On September 8, 2014, Home Depot acknowledged that there had been a breach of its network.³³ At the time of the Breach, Home Depot’s security systems were still “desperately out' of date,” according to then-CEO, the Defendant Blake.³⁴ For example, encryption technology had only been installed at twenty-five percent of its stores by the time the Breach was discovered in September 2015.³⁵ In response, Home Depot accelerated its efforts to increase its security, and was able to install encryption technology on the remaining seventy-five percent of its stores in just six days.³⁶

As a result of the harm caused to Home Depot by its delay in responding to threats Home Depot acknowledged as significant, the Plaintiffs filed this derivative suit. The Plaintiffs claim that the Defendants breached their duties of care and loyalty, wasted corporate assets, and violated Section 14(a) of the Securities Exchange Act. The Defendants now move to dismiss the claims against them under Rules 12(b)(6) and 23.1(b)(3) of the Federal Rules of Civil Procedure.

II. Legal Standard

A complaint should be dismissed under Rule 12(b)(6) only where it appears that the facts alleged fail to state a “plausible” claim for relief.³⁷ A complaint may survive a motion to dismiss for failure to state a claim, however, even if it is “improbable” that a plaintiff would be able to prove those facts; even if the possibility of recovery is extremely “remote and unlikely.”³⁸ In ruling on a motion to dismiss, the court must accept the facts pleaded in the complaint as true and construe them in the light most favorable to the plaintiff.³⁹ Generally, notice pleading is all that is required for a valid complaint.⁴⁰ Under notice pleading, the plaintiff need only give the defendant fair notice, of the plaintiffs claim and the grounds upon which it rests.⁴¹ However, in a shareholder derivative case, the complaint shall also allege with particularity the efforts, if any, made by the plaintiff to obtain the action the plaintiff desires from the directors or comparable authority and, if necessary, from the shareholders or members, and the reasons for the plaintiffs failure to obtain the action or for not making the effort.⁴²

III. Discussion

Rule 23.1 clearly “contemplates both the demand requirement and the possibility that demand may be excused ... [but] it does not create a demand requirement of any particular dimension.”⁴³ Because the demahd doctrine is a matter of substance, the Court looks to the state of incorporation to provide the rule of decision.⁴⁴ In this case, Home Depot is incorporated in Delaware; therefore, the Court looks to Delaware’s substantive law.

“A cardinal precept of the General Corporation Law of the State of Delaware is that directors, rather than shareholders, manage the business and affairs of the corporation.”⁴⁵ Shareholder derivative suits restrict this managerial authority. Therefore, as a prerequisite to a shareholder derivative suit, Delaware law requires an aggrieved shareholder to demand that the board take the desired action.⁴⁶ This demand requirement “insure[s] that a stockholder exhausts his in-tracorporate remedies, and ... provide[s] a safeguard against strike suits.” ⁴⁷

It is undisputed that no demand was made in this instance. The Plaintiff shareholder thus has the burden of demonstrating that demand is excused because it would have been futile. In situations like this case where the Plaintiffs complain of Board inaction and do not challenge a specific decision of the Board, a finding of demand futility is authorized only where “particularized factual allegations of [the] derivative stockholder complaint create a reasonable doubt that, as of the time the complaint is filed, the board of directors could have properly exercised its independent and disinterested business judgment in responding to a demand.” ⁴⁸Because the independence of the Board is determined at the time of filing, the Court only need look to the claims against the Current Directors. And further, because the Board acts by will of the majority, the Plaintiffs’ Complaint must show that a majority of the Directors were not independent. As such, the Court only need address the Plaintiffs’ claims against the Outside Directors (the Defendants Bousbib, Brenne-man, Brown, A. Carey, Codina, Foulkes, Eaten, and Vadon), who make up a majority of the Board⁴⁹ and are all similarly situated, to determine whether the Board of Directors was independent.

Interest is demonstrated where a director “will receive a personal financial benefit from a transaction that is not equally shared by the stockholders,” or “where a corporate decision will have a materially detrimental impact on a director, but not on the corporation and the stockholders.”⁵⁰ Only the former is at issue here.

Initially, it seems obvious that the Board was interested given that a majority of its members are named in this lawsuit. After all, very few people would choose to sue themselves. However, as this Court previously noted, under Delaware law “derivative action plaintiffs do not ring the futility bell merely by including a majority of the directors as defendants.”⁵¹ To do so would eviscerate the demand requirement entirely. Instead, Delaware law requires the Plaintiffs to show director conduct that is “so egregious on its face that board approval cannot meet the test of business judgment, and a substantial likelihood of director liability therefore exists.”⁵²

The Plaintiffs plead claims against the Outside Directors for breaches of their duty of loyalty, corporate waste, and violations of Section 14(a) of the Securities Exchange Act. The Defendants argue that the Plaintiffs must plead particularized facts for these claims against each defendant individually. To the Court’s knowledge, Delaware courts have not directly addressed whether “group pleading” is sufficiently particular for demand futility. However, a number of District Courts have, and all of them have at least said that group pleading is not per se insufficient.⁵³ As long as the defendants are “similarly situated,” group pleading may be enough.

Individual and particularized facts for each defendant would be more necessary in cases, for example, where the directors are alleged to be financially interested in a proposed merger. In those cases, to determine whether a majority of the board of directors were interested would require an individual analysis. But in this case, all of the Plaintiffs’ claims against the non-officer Current Directors essentially allege that they are liable because of information they received and decisions they took collectively. There is nothing to be gained by addressing each Outside Director individually because they are all similarly situated. As such, the Court now addresses each of the claims against the Outside Directors and takes them together as a group.

A. Duty of Loyally Claims

The Plaintiffs’ primary claim for liability is that the Directors breached their duty of loyalty to the company. In cases such as this one, where the Plaintiffs allege a failure of oversight on the part of the Board, the Plaintiffs must show that the Directors either “knew they were not discharging their fiduciary obligations or that the directors demonstrated a conscious disregard for their responsibilities such as by failing to act in the face of a known duty to act.”⁵⁴ When added to the general demand futility standard, the Plaintiffs essentially need to show with particularized facts beyond a reasonable doubt that a majority of the Board faced substantial liability because it consciously failed to act in the face of a known duty to act. This is an incredibly high hurdle for the Plaintiffs to overcome, and it is not surprising that they fail to do so.

The Plaintiffs first attempt to clear this hurdle by pointing to the disbanding of the Infrastructure Committee. According to the Complaint, when the Board disbanded the Infrastructure Committee, it failed to amend the Audit Committee’s charter to reflect the new responsibilities for data security that had been transferred from the Infrastructure Committee, as required by the Company’s Corporate Governance Guidelines. The Plaintiffs argue, therefore, that the Board failed to designate anyone with the responsibility to oversee data security, thereby leaving them without a reporting system.

This argument is much too formal. Even if the Board’s failure to amend the Audit Committee charter meant that it did not have authority to oversee data security, and the Court doubts that is true, it is irrelevant here. Demand futility is a fact based analysis. Whether or not the Audit Committee had technical authority, both the Committee and the Board believed it did. The Complaint itself details numerous instances where the Audit Committee received regular reports from management on the state of Home Depot’s data security, and the Board in turn received briefings from both management and the Audit Committee. Based on those facts alone, there can be no question that the Board was fulfilling its duty of loyalty to ensure that a reasonable system of reporting existed.

The Plaintiffs then argue that the Board “failed to ensure that a plan was in place to immediately remedy the deficiency [in Home Depot’s data security], and that the proposed remedy complied with PCI DSS.”⁵⁵ Importantly, the Plaintiffs repeatedly acknowledge that there was a plan, but that in the Plaintiffs’ opinion it moved too slowly.⁵⁶ Under Delaware law, however, directors violate their duty of loyalty only “if they knowingly and coto-pletely failed to undertake their responsibilities.” ⁵⁷ In other words, as long as the Outside Directors pursued any course of action that was reasonable, they would not have violated their duty of loyalty. The Court suspects that is why the Plaintiffs awkwardly try to reframe their argument to say that the Board “failed to take any action to remediate the problems.”⁵⁸ But the Plaintiffs cannot escape the facts in their Complaint and their own contradictory arguments. At the end of the day, the Plaintiffs are alleging that the Board’s plan was not good enough.

The Plaintiffs may be right, but Delaware courts have held that “[b]ad faith cannot be shown by merely showing that the directors failed to do all they should have done under the circumstances.”⁵⁹ Rather, they use language like “utterly” and “completely” to describe the failure necessary to violate the duty of loyalty by inaction.⁶⁰ The cases cited in the Plaintiffs’ Response to the Defendants’ Motion to Dismiss [Doc. 52] work against their argument on this point. In Abbott Labs., the Seventh Circuit found demand excused where the complaint sufficiently alleged that in the face of numerous known violations of law, the directors “took no steps in an effort to prevent or remedy the situation ...”⁶¹ In Pfizer, the court held that demand was futile because the directors received numerous warnings of illegal marketing practices, but they “chose to disregard it.”⁶² And in Veeco Instruments, the company failed to do anything for more than a year to address deficiencies in its accounting department.⁶³ Though the board acted in that case, the court found demand excused because the board failed to act until after the harm had occurred.

But in this case, the Complaint acknowledges that the Board acted before the Breach occurred. The Board approved a plan that would have fixed many of Home Depot’s security weaknesses and it would be fully implemented by February 2015. With the benefit of hindsight, one can safely say that the implementation of the plan was probably too slow, and that the plan probably would not have fixed all of the problems Home Depot had with its security. But the “Directors’ decisions must be reasonable, not perfect.”⁶⁴ While the Board probably should have done more, “[sjimply alleging that a board incorrectly exercised its business judgment and made a ‘wrong’ decision in response to red flags ... is not enough to plead bad faith.”⁶⁵

Therefore, the Court finds that the Plaintiffs have failed to show beyond a reasonable doubt that a majority of the Board faced substantial liability because it consciously failed to act in the face of a known duty to act. As such, demand is not excused on the basis of the Plaintiffs’ duty of loyalty claims.

B. Corporate Waste

The Plaintiffs also allege that the Board wasted corporate assets. Under Delaware law, corporate waste is “an exchange that is so one sided that no business person of ordinary, sound judgment could conclude that the corporation has received adequate consideration.”⁶⁶ Because waste claims entail an action on the part of the Board, they are evaluated under the Aronson test.⁶⁷ To show demand futility under Aronson, the Plaintiffs “must provide particularized factual allegations that raise a reasonable doubt that ‘(1) the directors are disinterested and independent [or] (2) the challenged transaction was otherwise the product of a valid exercise of business judgment.’ ”⁶⁸ The Plaintiffs do not challenge the independence of the Board, but rather their allegations fall under the second prong of Aronson.

The Plaintiffs first maintain that the Board’s insufficient reaction to the threat posed by the holes in Home Depot’s data security caused significant losses to the Company, which they claim is a waste of Home Depot’s assets. The problem with the Plaintiffs’ argument is that there is no transaction. Corporate waste claims typically involve situations where there has been an exchange of corporate assets for no corporate purpose or for no consideration; in effect, waste is a gift.⁶⁹ The Plaintiffs cite no case law to suggest anything to the contrary.

Rather, the Plaintiffs’ claim is fundamentally a challenge to the Directors’ exercise of their business judgment. To paraphrase the Delaware Chancery Court, what the Plaintiffs are asking the Court to conclude from the presence of these “red flags” is that the Directors failed to see the extent of Home Depot’s security risk and therefore made a “wrong” business decision by allowing Home Depot to be exposed to the threat of a security breach.⁷⁰ With hindsight, it is easy to see that the Board’s decision to upgrade Home Depot’s security at a leisurely pace was an unfortunate one. But this decision falls squarely within the discretion of the Board and is under the protection of the business judgment rule.

Perhaps recognizing that their first claim of corporate waste does not quite fit, the Plaintiffs try to argue for the first time in their Response to the Defendants’ Motion to Dismiss [Doc. 52] that the Board also wasted corporate assets through its compensation package to M. Carey.⁷¹ But as this Court has said previously, a “plaintiff cannot amend the complaint by arguments of counsel made in opposition to a motion to dismiss.”⁷² On that ground alone this argument should fail, but it also fails on the merits.

A board’s decision on compensation “is entitled to great deference. It is the essence of business judgment for a board to determine if a particular individual warrants] large amounts of money, whether in the form of current salary or severance provisions.”⁷³ That is not to say that a board’s discretion is unlimited, of course; there is an “outer limit,” at which point the compensation is “so disproportionately large as to be unconscionable and constitute waste.”⁷⁴ As the Plaintiffs point out, Delaware courts did excuse demand where a company gave $68 million, as well as an office, an administrative assistant, and a car and driver for up to five years, to its outgoing CEO who was allegedly responsible in part for billions of dollars in losses to the company.⁷⁵ But that is certainly the exception to the rule. Much more often, Delaware courts have given significant deference to boards’ decisions on executive compensation.⁷⁶

This case is also very different than Citigroup. M. Carey is still an employee of the company, and Home Depot is still receiving substantial consideration through M. Carey’s continued employment. By contrast, Citigroup had just given three times the amount of money paid to M. Carey to a former CEO who no longer worked for it. Though the Court understands the Plaintiffs are not happy with M. Carey’s performance, the Board is in charge of executive compensation. For these reasons, demand is not excused on the basis of corporate waste.

C. Violations of Section 14(a) of the Securities Exchange Act

The Plaintiffs lastly assert that the Current Director Defendants violated Section 14(a) of the Securities Exchange Act when they issued their 2014 and 2015 Proxy Statements. The Plaintiffs and the Defendants disagree on whether these claims are subject to the demand requirement. The Plaintiffs cite one case, Vides v. Amelio, 265 F.Supp.2d 273, 276 (S.D.N.Y. 2003), for the claim that Delaware does not impose a demand requirement for Section 14(a) claims. The Vides court argued that the decision to include or omit information in a proxy statement did not require an exercise in business judgment. But as other courts have noted, while that may be true, directors must still use their business judgment in determining whether to pursue a lawsuit on account of those proxy statements.⁷⁷ Because the business judgment rule is the foundation for the demand requirement, most courts have held that Vides was mistaken and that the demand requirement applies equally to Section 14(a) claims, including another court in the Southern District of New York.⁷⁸ Though the Eleventh Circuit has not yet weighed in on the issue, this Court similarly finds the Vides court’s reasoning to be incorrect, and holds that Section 14(a) claims are subject to the demand requirement.

The decision to include or omit statements in a proxy is not a business decision; it is a legal one. Demand futility, therefore, is evaluated under Aronson’s first prong, which excuses demand if the complaint provides particularized factual allegations that raise a reasonable doubt that the directors are disinterested and independent.⁷⁹ The primary way to show this is to show that a majority of the directors faced a substantial likelihood of liability on the underlying claims.⁸⁰ However, a “mere threat of personal liability ... is insufficient ....”⁸¹

Section 14(a) and Rule 14-A-9 promulgated thereunder require that proxy statements not be false or misleading with regard to any material statement, nor omit to state any material fact necessary in order to make the statements therein not false or misleading.⁸² A fact or statement is material if “there is a substantial likelihood that a reasonable shareholder would consider it important in deciding how to vote.”⁸³ The Plaintiffs do not allege that the Defendants made any false or misleading statements, only that the Defendants omitted important information. As such, the Plaintiffs must show that the Board had a duty to disclose the omitted material fact, which is determined by whether “the SEC regulations specifically require disclosure of the omitted information in a proxy statement, or the omission makes other statements in the proxy statement materially false or misleading.”⁸⁴

Claims under Section 14(a) are also subject to the heightened pleading requirements of the Private Securities Litigation Reform Act (the “PSLRA”). The Plaintiffs argue that the PSLRA only applies when there are allegations of fraud, based solely on Washtenaw Cty. Emps. Ret. Sys. v. Wells Real Estate Inv. Trust, Inc., Civil Action No. 1:07-CV-862-CAP, 2008 WL 2302679, at *10 (N.D. Ga. March 31, 2008). The Supreme Court, however, has stated that the PSLRA “impose[s] heightened pleading requirements and a loss causation requirement upon ‘any private action’ arising from the Securities Exchange Act.”⁸⁵ Though it is time that the subsection title for the PSLRA is labeled as “Requirements for securities fraud actions,” that does not mean that the Act requires fraudulent intention to apply.⁸⁶ Section (b)(1) states that the PSLRA applies in “any private action arising under this chapter .. .”⁸⁷ “Chapter” refers back to the 15 U.S.C. Ch. 2B, which is the code location for the Securities Exchange Act. Since Section 14(a) falls under this chapter in the Code, it is clear that the heightened pleading requirements of the PSLRA do apply to Section 14(a) claims.

When taken together, Section 14(a), Rule 14-A-9 and the PSLRA require the Plaintiffs to specify with particularity: (1) omissions in the Proxy Statements that made other statements either false or misleading, (2) how those omissions were material, (3) each statement in the Proxy Statements that was made false or misleading, (4) the reason or reasons why the statement is misleading, and (5) how the omission caused the loss complained of.

The Plaintiffs allege that the Defendants failed to disclose in their 2014 Proxy Statement that Home Depot had known, specific threats to its data security, and that neither the 2014 nor the 2015 Proxy Statements disclosed that the Audit Committee’s charter was not amended. As to the latter claim, the Court has already stated that this argument is much too formal. Regardless of whether the charter was amended, everyone believed and acted as if the Committee did have oversight over data security during the relative time period. So the fact that the Board did not disclose that the charter had not been amended could not possibly be material.

As for the alleged omission regarding data security threats, the Plaintiffs also fail to sufficiently plead their claims on a number of fronts. They first fail to specifically identify which statements in the 2014 Proxy Statement were rendered false or misleading as a result of the omission. As the Court discussed above, for a Section 14(a) claim to be successful, directors must have had a duty to disclose the omitted information. “Disclosure of an item of information is not required ... simply because it may be relevant or of interest to a reasonable investor.”⁸⁸ By not showing specific statements in the proxy that were rendered misleading or false, the Plaintiffs have failed to demonstrate a duty on the part of the Board to disclose the information, as well as failing to satisfy the requirements of the PSLRA.

On that reason alone, the Court could dismiss the Section 14(a) claim. But the Plaintiffs also fail to plead with particularity how the omissions caused the loss complained of. In order to succeed under Section 14(a), the Plaintiffs must show “that the proxy solicitation itself, rather than the particular defect in the solicitation materials, was an essential link in the accomplishment of the transaction.”⁸⁹ The Eleventh Circuit has said that Section 14(a) claims must show two types of causation: transaction and loss causation.⁹⁰ In other words, the shareholders must have voted for the 2014 Proxy Statement because of the omission (i.e., transaction causation), and the losses to the company must have resulted directly from the 2014 Proxy Statement vote, not from the omission itself (i.e., loss causation).⁹¹

Assuming for the sake of argument that the Plaintiffs’ allegations of materiality are sufficient to show transaction causation, the Plaintiffs still fail to show loss causation. The Plaintiffs make no statement showing that the security breaches to the company would not have occurred but for the Defendants being reelected to the Board. In fact, the Plaintiffs acknowledge in the Complaint that “[b]y the time the 2014 Proxy Statement was issued ... the 2014 Data Breach .had likely begun.”⁹² Regardless of the election, the Breach had already started.

Courts have also regularly dismissed Section 14(a) claims based on the election of directors because the losses are indirect. The Eleventh Circuit, in a case in which corporate insiders made misrepresentations about compensation policy, dismissed the plaintiffs’ claim because “damages suffered by the shareholders were caused not by the policies that they approved via proxy, but by management’s failure to follow those policies.”⁹³ In making its decision, the Eleventh Circuit looked to a Third Circuit case, in which a shareholder claimed he would not have voted for the reelection of the directors if they would have disclosed information about criminal activity and mismanagement at the company.⁹⁴ The Third Circuit dismissed the shareholder complaint because, again, the election of the directors did not cause the harm.⁹⁵ Nothing is different about this case. The election of directors based on the 2014 Proxy Statement did not cause the harm alleged; rather, the insufficient urgency of the Board to correct the holes in Home Depot’s security did.

The Plaintiffs have failed to specify which statements in the 2014 or 2015 Proxy Statements were rendered misleading or false by the omissions, have failed to show the materiality of the Audit Committee omission, and have failed to show causation. The claim is insufficiently pleaded under the PSLRA, and does not demonstrate the necessary duty to disclose required under Section 14(a). As a result, the Plaintiffs have not shown beyond a reasonable doubt that the Defendants would have been interested in the litigation because they have not demonstrated a substantial likelihood that the Defendants would have been liable for a Section 14(a) violation. The Court therefore finds that demand was not futile for the Section 14(a) claims.

IV. Conclusion

For the foregoing reasons, the Plaintiffs have failed to show that demand was futile on any of the claims alleged. Because the pleading requirements of Rule 23.1 are more demanding than those under 12(b)(6), the Court need not address the Defendants’ 12(b)(6) argument. The Defendants’ Motion to Dismiss [Doc. 45] is GRANTED.

SO ORDERED, this 30 day of November, 2016.

1 . Compl. ¶¶ 22-23.

2 . Id. ¶ 24,

3 . Id. ¶¶ 25-27.

4 . Id. ¶ 258.

5 . Id. ¶27.

⁶

7 . Id. ¶¶ 36-37.

8 . Id. ¶ 214.

9 . Id. ¶ 230.

10 . Id. ¶¶ 75, 77.

11 . Id. ¶ 237.

12 .Id.

13 . Id. ¶¶ 76, 219.

14 . Id. ¶ 250.

15 . Id. ¶ 252.

16 . Id. ¶ 6.

17 . Id. ¶ 264.

18 . Id. ¶¶ 299, 305.

19 . Id. ¶ 170.

20 . Id.

21 . Id. ¶ 171.

22 . Id. ¶ 174.

23 . Id. ¶ 177.

24 . Id. ¶ 178,

25 . Id. ¶ 180.

26 . Id. ¶ 183,

27 . Id. ¶ 68.

28 . Id. ¶ 85,

29 . See, e.g., id. ¶¶ 199-210.

30 . Id. ¶ 207.

31 . Id. ¶¶ 207-09, 229, 240, 267.

32 . Id. ¶ 279.

33 . |d ¶ 220.

34 . Id. ¶ 233.

35 . Id. ¶ 124.

36 . Id. ¶ 125.

37 . Ashcroft v. Iqbal, 556 U.S. 662, 129 S.Ct. 1937, 1949, 173 L.Ed.2d 868 (2009); Fed. R. Civ. P. 12(b)(6).

38 . Bell Atlantic v. Twombly, 550 U.S. 544, 556, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007).

39 . See Quality Foods de Centro America, S.A. v. Latin American Agribusiness Dev. Corp., S.A., 711 F.2d 989, 994-95 (11th Cir. 1983); see also Sanjuan v. American Bd. of Psychiatry & Neurology, Inc., 40 F.3d 247, 251 (7th Cir. 1994) (noting that at the pleading stage, the plaintiff "receives the benefit of imagination”).

40 . See Lombard's, Inc. v. Prince Mfg., Inc., 753 F.2d 974, 975 (11th Cir. 1985), cert. denied, 474 U.S. 1082, 106 S.Ct. 851, 88 L.Ed.2d 892 (1986).

41 . See Erickson v. Pardus, 551 U.S. 89, 93, 127 S.Ct. 2197, 167 L.Ed.2d 1081 (2007) (citing Twombly, 550 U.S. at 555, 127 S.Ct. 1955).

42 . Fed. R. Civ. P.23.1(b)(3).

43 . Kamen v. Kemper Fin, Servs., Inc., 500 U.S. 90, 96, 111 S.Ct. 1711, 114 L.Ed.2d 152 (1991).

44 . Id. at 96-97, 111 S.Ct. 1711,

45 . Stepak v. Addison, 20 F.3d 398, 402 (11th Cir. 1994) (quoting Aronson v. Lewis, 473 A.2d 805, 811 (Del. 1984)).

⁴⁶

47 . Aronson v. Lewis, 473 A.2d 805, 811 (Del. 1984), overruled on other grounds by Brehm v. Eisner, 746 A.2d 244 (Del. 2000).

48 . Rales v. Blasband, 634 A.2d 927, 934 (Del. 1993) (emphasis added); accord In re Citigroup Inc. Shareholder Derivative Litigation, 964 A.2d 106, 121 (Del. Ch. 2009).

49 . At the time of filing, the Board consisted of twelve members. Compl. ¶ 258. There are eight non-officer Current Directors, malting up a majority of the Board.

50 . Rales, 634 A.2d at 936.

51 . In re Coca-Cola Enterprises, Inc. Derivative Litigation, 478 F.Supp.2d 1369, 1374 (N.D. Ga. 2007).

52 . Aronson, 473 A.2d at 815 (emphasis added).

53 . See, e.g., In re American Apparel, Inc. S'holder Deriv. Litig., No. CV 10-06576 MMM RCX, 2012 WL 9506072, at *41 (C.D. Cal. July 31, 2012) (concluding that such "group pleading is [not] per se impermissible [under Delaware law, in the context of derivative litigation], so long as group pleading is limited to defendants who are similarly situated”); In re Chemed Corporation, S'holder Deriv. Litig., No. CV 13-1854-LPS-CJB, 2015 WL 9460118, at *10-11 (D. Del. Dec. 23, 2015); In re Johnson & Johnson Deriv. Litig., 865 F.Supp.2d 545, 563 (D.N.J. 2011).

54 . In re Citigroup, 964 A.2d at 123 (emphasis in original).

55 . Compl. ¶ 204 (emphasis added).

56 . See, e.g., Compl. ¶¶ 87, 117-18, 200, 203-04.

57 . Lyondell Chemical Co. v. Ryan, 970 A.2d 235, 243-44 (Del. 2009).

58 . Pls.' Resp. to Defs.’ Mot. to Dismiss, at 23.

59 . Wayne Cty. Employees' Ret. Sys. v. Corti, No. CIV.A, 3534-CC, 2009 WL 2219260, at *14 (Del. Ch. July 24, 2009), aff'd, 996 A.2d 795 (Del. 2010).

60 . See Lyondell, 970 A.2d at 243-44 ("knowingly and completely failed to undertake their responsibilities,” and "the inquiry should have been whether those directors utterly failed to attempt to obtain the best sale price.”),

61 . In re Abbott Labs. Deriv, S'holders Litig., 325 F.3d 795, 809 (7th Cir. 2003).

62 . In re Pfizer Inc. S'holder Deriv. Litig., 722 F.Supp.2d 453, 460 (S.D.N.Y. 2010),

63 . Veeco Instruments, Inc. v. Braun, 434 F.Supp.2d 267 (S.D.N.Y. 2006).

64 . Lyondell, 970 A.2d at 243.

65 . Melbourne Mun, Firefighters' Pension Trust Fund on Behalf of Qualcomm, Inc. v. Jacobs, C.A. No. 10872-VCMR, 2016 WL 4076369, at *9 (Del. Ch. Aug. 1, 2016).

66 . Brehm, 746 A.2d at 263 (quoting In re Walt Disney Co. Derivative Litig., 731 A.2d 342, 362 (Del. Ch. 1998)).

67 . Aronson, 473 A.2d at 805.

68 . In re Citigroup, 964 A.2d at 120 (quoting Brehm, 746 A.2d at 253).

69 . See Lewis v. Vogelstein, 699 A.2d 327, 336 (Del. Ch. 1997) (“Most often the claim is associated with a transfer of corporate assets that serves no corporate purpose; or for which no consideration at all is received. Such a transfer is in effect a gift.”).

70 . In re Citigroup, 964 A.2d at 130 (not excusing demand where the defendants’ exposure to the subprime mortgage market led to significant losses for the company).

71 . Pis.’ Resp. to Defs.' Mot. to Dismiss, at 25.

72 . In re Androgel Antitrust Litig. (No. II), 687 F.Supp.2d 1371, 1381 (N.D. Ga. 2010).

73 . Brehm, 746 A.2d at 263.

74 . Id. at 262 n. 56 (citing Saxe v. Brady, 184 A.2d 602, 610 (Del. Ch. 1962)).

75 . See In re Citigroup, 964 A.2d at 138.

76 . See, e.g., Espinoza v. Zuckerberg, 124 A.3d 47 (Del. Ch. 2015) ("allegations that compensation is excessive or even lavish, as pleaded here, are insufficient as a matter of law to meet the standard required for a claim of waste.”) (internal citations omitted).

77 . Bader v. Blanklein, No. 07-CV-1130 (SLT)(JMA), 2008 WL 5274442, at *6 (E.D.N.Y. Dec. 19, 2008) (The Vides court "ignored the fact that directors must still use their business judgment in deciding what course of action to take when alerted to a materially false statement in a corporate proxy statement.”).

78 . See, e.g., St. Clair Shores Gen. Emps' Ret. Sys. v. Eibeler, No. 06 Civ. 688(SWK), 2006 WL 2849783, at *4-6 (S.D.N.Y. Oct. 4, 2006) (expressly rejecting Vides and holding that Section 14(a) claims are subject to the demand requirement); Washtenaw Cty. Emps. Ret. Sys. v. Wells Real Estate Inv. Trust, Inc., Civil Action No. 1:07-CV-862-CAP, 2008 WL 2302679, at *15 (N.D. Ga. Mar. 31, 2008); Bader, 2008 WL 5274442, at *5-7 (collecting cases).

79 . Brehm, 746 A.2d at 253 (quoting Aronson, 473 A.2d at 814).

80 . Aronson, 473 A.2d at 815.

⁸¹

82 . See 17 C.F.R. § 240.14-A-9; 15 U.S.C. § 78n(a)

83 . Virginia Bankshares, Inc. v. Sandberg, 501 U.S. 1083, 1084, 111 S.Ct. 2749, 115 L.Ed.2d 929 (1991).

84 . Resnik v. Swartz, 303 F.3d 147, 151 (2d Cir. 2002)

85 . Stoneridge Inv. Partners, LLC v. Scientific-Atlanta, 552 U.S. 148, 165, 128 S.Ct. 761, 169 L.Ed.2d 627 (2008).

86 . See 15 U.S.C. § 78u-4(b)(1).

87 . Id. (emphasis added).

88 . Resnik v. Swartz, 303 F.3d 147, 151 (2d Cir. 2002).

89 . Edward J. Goodman Life Income Trust v. Jabil Circuit, Inc., 594 F.3d 783, 796 (11th Cir. 2010) (citing Mills v. Elec. Auto-Lite Co., 396 U.S. 375, 385, 90 S.Ct. 616, 24 L.Ed.2d 593 (1970)).

90 . Id. at 796-97.

91 . Id. at 796 (“The transaction at issue must be the source of the plaintiff’s injury.”).

92 . Compl. ¶ 183.

93 . Jabil, 594 F.3d at 797.

94 . General Electric Co. v. Cathcart, 980 F.2d 927 (3d Cir. 1992).

95 . Id. at 933.