Jeff John Roberts
Mar 09, 2017
Home Depot has taken another step to move on from its colossal 2014 data breach, which involved hackers stealing email or credit card information from more than 50 million customers by infiltrating self check-out terminals.
In a new settlement with dozens of banks, the retailer has agreed to pay $25 million for damages they incurred as a result of the breach, one of the biggest in history.
The settlement, filed this week in federal court in Atlanta, also requires Home Depot to tighten its cyber-security practices and to subject its vendors to more scrutiny—a measure tied to the fact that a security flaw by a third-party payment processor made the hacked self-checkout terminals vulnerable.
"We’re pleased to have moved through this phase of resolution," said Stephen Holmes, a spokesman at Home Depot.
The settlement and related legal proceedings are important because they show how payment-related breaches put companies on the hook not just to consumers, but to banks and the credit card industry. Indeed, court filings show Home Depot has paid far more to the financial industry than to consumers.
In addition to this week's $25 million settlement, Home Depot has also paid at least $134.5 million in compensation to consortiums made up of Visa, MasterCard, and various banks.
On the consumer side, Home Depot last year agreed to a $19.5 million settlement to affected customers that included a $13 million cash fund as well as credit monitoring services.