Home Depot to pay $19.5M for 2014 data breach

  • Small
  • Medium
  • Large

Home Depot has settled the lawsuit over its 2014 data breach, agreeing to pay a total of $19.5 million, of which $13 million will go toward a fund to reimburse customers for out-of-pocket losses and $6.5 million will fund cardholder identity protection services for the next 18 months, reports Reuters.

The home improvement store was targeted by hackers in 2014 who used a vendor's log in credentials to inappropriately access its computer network. The intruder then used custom-built malware to access customers' credit card information. More than 50 million customers nationwide had their credit card information stolen between April and September 2014.

In addition to the financial payment, Home Depot also agreed to improving data security over the next two years and hiring a CISO, according to Reuters.

Home Depot did not admit wrongdoing or claim liability.

Following the breach, Home Depot faced at least 57 class action lawsuits in U.S. and Canadian courts. The lawsuits were consolidated in the Atlanta court, where Home Depot is headquartered, according to the report.

"We wanted to put the litigation behind us, and this was the most expeditious path," Stephen Holmes, a spokesman for Home Depot, told Reuters. "Customers were never responsible for any fraudulent charges."

More articles on data breaches:

Malware, hacking attacks double over the past year: 3 things to know
21st Century Oncology reports 2015 breach
Premier Healthcare suffers data breach due to stolen laptop

Copyright © 2021 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars