The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
Home Depot is 'moving on' from its widely publicized 2014 data breach.
Reuters reported on Tuesday that Home Depot had filed papers in federal court in Atlanta indicating that the company has agreed to pay $13 million to compensate consumers affected in the 2014 breach. An additional $6.5 million was set aside to pay for 18 months of identity protection services for cardholders.
In September 2014, Home Depot acknowledged that information on as many as 56 million credit cards was exposed in a sustained breach of the company that stretched from April 2014 to September of that year.
Subsequent reporting pointed to a pattern of lax security practices at the home improvement giant. Reporting by Nicole Perlroth in The New York Times quoted former employees saying that Home Depot gave short shrift to security: relying on outdated antivirus software by Symantec and infrequently running vulnerability and malicious software scans on point of sale and other systems responsible for handling customer transactions. (I wrote about this here.)
The $13 million in payments for victims amounts to $.23 per lost record.
Prior to settling, Home Depot had sought to have the class action suit dismissed altogether. In September 2015, the company filed a motion in federal court in Atlanta to have the class action suit dismissed. It’s argument: the consumers behind the class action suit cannot prove they were damaged by the breach.
"All of the claims alleged in the complaint suffer from the same fatal defect found in the vast majority of other breach cases ... they have suffered no actual or imminent economic injury that is fairly traceable to Home Depot's alleged conduct," the company says in its filing, according to a report in the Atlanta Business Chronicle.
That argument didn’t meet with much success in court in Atlanta, apparently. In statements on Tuesday, Home Depot spokesman Stephen Holmes said the company wanted to “put the litigation behind us.” “This was the most expeditious path,” Holmes said.
A hearing to approve the final settlement is scheduled for August 12th, 2016 in Atlanta.
Home Depot’s settlement is in line with other recent breaches at retailers. Target Stores, for example agreed to pay $10 million to make consumers whole after its breach.
However: still pending are lawsuits brought by credit card companies and banks who suffered damage from fraud related to the incident. In Target’s case: those suits were more costly. The company agreed in August to pay $67 million to Visa over the data hack. In December, it reached an agreement to pay another $39 million to banks that service Mastercard.