Home Depot Agrees to Pay $17.5 Million in Multistate Settlement Following 2014 Data Breach
Wednesday, November 25, 2020
Home Depot Data Breach Settlement
Print Mail Download i

On November 24, 2020, a multistate coalition of Attorneys General announced that The Home Depot, Inc. (“Home Depot”) agreed to pay $17.5 million and implement a series of data security practices in response to a data breach the company experienced in 2014. The $17.5 million payment will be divided among the 46 participating states and the District of Colombia. We previously reported on a settlement Home Depot reached in 2017 to resolve a putative class action brought by financial institutions impacted by the 2014 data breach.

The 2014 breach occurred when unauthorized parties gained access to Home Depot’s network and installed malware on the company’s self-checkout point-of-sale system, allowing the attackers to obtain payment card information from customers who used self-checkout registers in Home Depot stores between April 10, 2014 and September 13, 2014. Approximately 56 million payment card numbers were compromised, and the stolen information was used to conduct fraudulent transactions. Home Depot publicly disclosed the breach in September 2014.

In addition to the $17.5 million settlement, Home Depot agreed to implement various data security measures, including:

  • employing a qualified chief information security officer who will report to both senior or C-suite executives and the board of directors regarding Home Depot’s security posture and identified security risks;

  • ensuring the company allocates appropriate resources to implement and maintain its information security program;

  • providing appropriate security awareness and privacy training to all personnel who have access to the company’s network or who are otherwise responsible for processing U.S. consumers’ personal information;

  • employing specific information security safeguards with respect to logging and monitoring, access controls, password management, two-factor authentication, file integrity monitoring, firewalls, encryption, risk assessments, penetration testing, intrusion detection and vendor management; and

  • undergoing an assessment that will evaluate, in part, Home Depot’s implementation of the information security program and controls described above.

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.

Current Legal Analysis

More from Hunton Andrews Kurth

Congress Extends Statute of Limitations for Sanctions Violations
by: Kevin E. Gaunt , Sevren R. Gourley
CIPL Publishes Report on Enabling Beneficial and Safe Uses of Biometric Technology Through Risk-Based Regulations
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Maryland Legislature Passes State Privacy Bill with Robust Requirements and Broad Threshold for Application
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
HHS Extends Protections for Reproductive Privacy Under HIPAA
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
New York’s Prenatal Leave Requirement Part of a Larger Trend Affecting Employers
by: Holly H. Williamson , J. Marshall Horton
Chilean Government Releases its Green Hydrogen Action Plan 2023-2030
by: Christian Rudloff , Gustavo Rodríguez-Villate
“Dollars and Sense” – Understanding the DOL’s New Salary Requirements for FLSA-Exempt Employees
by: Ryan A. Glasgow , Theanna Bezney
FTC Issues Record Penalty Against Williams-Sonoma for Made in USA Claims
by: Katherine Pauly , Phyllis H. Marcus
Proposed California Law Would Penalize Employers for Contacting Employees After Hours
by: Julia Y. Trankiem , Michael A. Pearlson
FTC Issues Sweeping Final Rule Banning Non-Competes but Broom Not Out of the Closet Yet
by: Kevin Hahm , Leslie W. Kostyshak

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins