January 25, 2021

Volume XI, Number 25

Advertisement

January 22, 2021

Subscribe to Latest Legal News and Analysis

Home Depot Settles Data Breach Multi-state Enforcement Action for $17.5 Million

Home Depot has agreed to settle a multi-state enforcement action by 46 U.S. states and Washington, D.C. arising from the data breach that occurred in 2014. Home Depot has agreed to pay $17.5 million to put the enforcement action behind it. The investigation was led by the Attorneys General of Connecticut, Illinois and Texas.

The multi-state investigation followed Home Depot’s data breach that affected 40 million customers who used self-checkout terminals in its U.S. and Canadian stores between April 10, 2014, and September 13, 2014. According to the investigation, hackers used a vendor’s username and password to infiltrate Home Depot’s network and deployed malware to access the customers’ payment card information. In addition to the credit card information, at least 52 million people’s email addresses were exposed.

In announcing the settlement, Connecticut Atty. Gen. William Tong stated that companies collecting sensitive personal information “have an obligation to protect information from unlawful use or disclosure… Home Depot failed to take those precautions.” In addition to the monetary settlement, Home Depot has agreed to hire a Chief Information Security Officer, upgrade its security procedures and provide employee training. Home Depot denies liability in the matter.

Advertisement
Copyright © 2020 Robinson & Cole LLP. All rights reserved.National Law Review, Volume X, Number 330
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement