Home Depot to pay $25 million to settle data breach lawsuit by banks

By Erin Ayers on March 20, 2017

Home Depot has reached an agreement to pay $25 million to banks and credit unions to settle a lawsuit over the retailer’s 2014 data breach.

The lawsuit and settlement represent the consolidation of over 25 class actions against Home Depot by 50 financial institutions. The banks claimed that lax security practices led to Home Depot’s breach of information from an estimated 56 million payment cards.

“Investigation revealed hackers placed malware on Home Depot’s self-checkout kiosks in stores across the country, allowing them to steal customers’ personal financial information, including names, payment card numbers, expiration dates, and security codes,” noted the US District Court for the Northern District of Georgia in its discussion of the settlement, which still requires final approval.

“The stolen information was then sold over the Internet to thieves who made massive numbers of fraudulent transactions using the payment cards that financial institutions had issued to Home Depot’s customers,” the court said. “Financial institutions were forced to cancel and reissue the compromised payment cards to mitigate the damage, reimburse their customers for fraudulent transactions, and otherwise incur substantial out of pocket expenses in responding to the data breach.”

The settlement includes assurances that in addition to paying $25 million into a fund for financial institutions, Home Depot will also make security updates to prevent breaches in the future.



This story in an excerpt of the original. The content originally appeared in Cyber Front Page News.
To read the full story, you must be a subscriber. If you are a subscriber, check your email for Cyber Front Page News on March 20, 2017.


Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at eayers@advisen.com.