iTnews
  • Home
  • News
  • Technology
  • Security

Home Depot to pay out $26m in data breach settlement

By Staff Writers on Mar 9, 2016 6:39AM
Home Depot to pay out $26m in data breach settlement

Settles with customers, but doesn't admit fault.

US retailer Home Depot agreed to pay at least US$19.5 million (A$26.1 million) to compensate consumers harmed by a 2014 data breach affecting more than 50 million cardholders.

The home improvement retailer will set up a US$13 million fund to reimburse shoppers for out-of-pocket losses, and spend at least US$6.5 million to fund 1-1/2 years of cardholder identity protection services.

Home Depot also agreed to improve data security over a two-year period, and hire a chief information security officer to oversee its progress. It will separately pay legal fees and related costs for affected consumers.

Terms of the preliminary settlement were disclosed in papers filed today with the federal court in Atlanta, where Home Depot is based.

Home Depot did not admit wrongdoing or liability in agreeing to settle. The settlement requires court approval.

"We wanted to put the litigation behind us, and this was the most expeditious path," spokesman Stephen Holmes said. "Customers were never responsible for any fraudulent charges."

Home Depot has said the breach affected people who used payment cards on its self-checkout terminals in US and Canadian stores between April and September 2014.

It has said the intruder used a vendor's user name and password to infiltrate its computer network, and used custom-built malware to access shoppers' payment card information.

The accord covers about 40 million people who had payment card data stolen, and 52 million to 53 million people who had email addresses stolen, with some overlap between the groups.

Home Depot said it has booked US$161 million of pre-tax expenses for the breach, including for the consumer settlement, and after accounting for expected insurance proceeds.

Lawyers for the consumers said the accord compares "favorably" with other data breach class actions, including Target's US$10 million settlement over a 2013 data breach that compromised at least 40 million cards.

Legal fees and costs for the lawyers could top US$8.7 million, court papers showed.

At least 57 proposed class action lawsuits were filed in US and Canadian courts over the data breach.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright Reuters
© 2019 Thomson Reuters. Click for Restrictions.
Tags:
breachhome depotsecurity

Partner Content

Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
Winning strategies for complaints and disputes management in financial services
Promoted Content Winning strategies for complaints and disputes management in financial services
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Staff Writers
Mar 9 2016
6:39AM
0 Comments

Related Articles

  • Twitter says zero-day bug leaked account data
  • Carnival fined US$5m for cyber security violations
  • Law firm mulls class action over NDIS software provider data breach
  • NDIS case management system provider breached
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia sets changeover date for myGov

Services Australia sets changeover date for myGov
Google Cloud IoT Core goes on the end-of-life list

Google Cloud IoT Core goes on the end-of-life list
NBN Co proposes to axe CVC across all plans by mid-2026

NBN Co proposes to axe CVC across all plans by mid-2026
Wesfarmers to stand up offensive cyber security capabilities

Wesfarmers to stand up offensive cyber security capabilities

Digital Nation

Stakes are higher for cybersecurity in Web3: Gal Tal-Hochberg, CTO at Team8
Stakes are higher for cybersecurity in Web3: Gal Tal-Hochberg, CTO at Team8
CommBank’s mobile banking app beats ANZ, NAB, Suncorp and Westpac: Forrester
CommBank’s mobile banking app beats ANZ, NAB, Suncorp and Westpac: Forrester
Crypto losses to crime surge to $1.9 B in first half of 2022: Chainalysis
Crypto losses to crime surge to $1.9 B in first half of 2022: Chainalysis
Edge and IoT critical to Web3 infrastructure
Edge and IoT critical to Web3 infrastructure
Save the Date — Digital Nation Live launches on October 25
Save the Date — Digital Nation Live launches on October 25
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.