Back in 2014, Home Depot experienced what many cybersecurity experts considered the largest retail card data breach in history. In the breach, 56 million debit and credit cards were accessed by hackers and a class-action lawsuit was subsequently filed by affected customers. The consumer lawsuit resulted in a payout of around $19.5 million, with $13 million being set aside for direct reimbursement and $6.5 million being used to provide identity protection services at no charge to the customers suing. This suit was concluded in 2016, but Home Depot was far from out of the woods on this issue.
According to a recent Reuters report published in late November 2020, Home Depot also reached a settlement with numerous states in the U.S. The report states that Home Depot paid the attorney general offices of 46 states and Washington D.C. $17.5 million for negligence shown at the time of the breach. Much of the case hinges on poor encryption standards that allowed hackers to access self-checkout point-of-sale (POS) systems.
The investigation that resulted in the settlement was led by the attorneys general of Connecticut, Illinois, and Texas. As quoted by Reuters, Connecticut Attorney General William Tong stated that any company collecting sensitive data (such as credit and debit card information) “have an obligation to protect that information from unlawful use or disclosure,” and that “Home Depot failed to take those precautions.” Home Depot still denies any wrongdoing in the incident, but the company also says it has made changes to its cybersecurity since the incident. In a statement to the press, Home Depot asserted that they “invested heavily to further secure our systems.” Home Depot is also quoted as saying, “we’re glad to put this matter behind us.”
While the Home Depot data breach case is now over, it serves as a lesson to any company handling sensitive data. If you invest in cybersecurity, it will pay dividends for you. By protecting consumer data, companies will not have to worry about legal action later that tarnishes their reputation and results in massive payouts (either through settlement or fines).