News

Home Depot reaches USD 17.5 mln settlement of 2014 breach lawsuit

Friday 27 November 2020 07:47 CET | News

The Home Depot has reached a USD 17.5 million settlement of a multistate lawsuit stemming from a 2014 data breach that compromised the payment card data of 40 million customers.

The settlement, which involves 46 states and Washington, D.C., stems from the breach that happened between April 10 and Sept. 13, 2014, when fraudsters planted credit card skimming malware in Home Depot's network to steal customer payment data. In addition to the financial component of the settlement, the company agreed to implement specific cybersecurity measures to safeguard the personal information of its customers.

Home Depot has created a USD 13 million fund to allow for payments to customers who have documented losses attributed to the breach. Customers will also have the option to receive 18 months of free credit monitoring.

As part of the settlement, The Home Depot must:

  • employ a CISO reporting to both senior executives and the board of directors;
  • provide the resources necessary to fully implement the company's information security program;
  • provide appropriate security awareness and privacy training to all personnel who have access to the company's network or responsibility for US consumers' personal information;
  • implement security safeguards, including logging and monitoring, access controls, password management, two-factor authentication, file integrity monitoring, firewalls, encryption, risk assessments, penetration testing, intrusion detection and vendor account management.

The Home Depot will also undergo a post-settlement review to ensure the agreed-upon details are being implemented.


More: Link


Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Home Depot, retail, data breach, security, online fraud
Categories: Securing Transactions | Digital Identity, Security & Online Fraud
Countries: United States
This article is part of category

Securing Transactions