Home Depot Settles 2014 Data Breach for $17.5 Million

Home Depot has agreed to settle a multistate investigation into the data breach involving the theft of millions of customers’ credit cards. In 2014, Home Depot was the target of a cyberattack where the company’s point-of-sale systems were infected with malware designed to steal customer payment card data. 

The settlement resolves 46 states’ and the District of Columbia’s investigations into the breach. The $17.5 million settlement amount will be divided among the states and used for attorneys’ fees, investigation and litigation costs, or applied to a consumer protection law enforcement fund. Of the $17.4 million amount, Texas is to receive $1.78 million, Connecticut is to receive $1.09 million, and California is to receive $1.8 million. 

In addition to the fine, Home Depot must implement a new information security system designed to protect personal information. According to a court filing, Home Depot must develop a written program that takes into account the size and complexity of Home Depot’s operations and the sensitivity of the information the company keeps. The program must be overseen by a Chief Information Security Officer with appropriate credentials, background, and expertise in information security. Home Depot must also provide security awareness training for its staff, among other requirements detailed in the filing. 

The attorneys at Chilivis Grubman represent clients of all sizes in connection with data breach and cybersecurity matters, including regulatory obligations and litigation arising therefrom.  If you need assistance with such a matter, please contact us today.