Home Depot settles 2014 data breach

Attorney General Kathy Jennings announced that Delaware has joined a total $17.5 million settlement against Georgia-based retailer The Home Depot, resolving a multistate investigation of a 2014 data breach which exposed the payment card information of approximately 40 million Home Depot consumers nationwide. Through the settlement The Home Depot has reached a resolution with 45 other states and the District of Columbia. The DOJ’s Consumer Protection Unit helped secure the settlement.

The breach occurred when hackers gained access to The Home Depot’s network and deployed malware on The Home Depot’s self-checkout point-of-sale system. The malware allowed the hackers to obtain the payment card information of customers who used self-checkout lanes at The Home Depot stores throughout the U.S. between April 10, 2014 and Sept 13, 2014.

In addition to the $17.5 million total payment to the states, The Home Depot has agreed to implement and maintain a series of data security practices designed to strengthen its information security program and safeguard the personal information of consumers.

“Businesses that collect or maintain sensitive personal information have an obligation to live up to the trust consumers place in them,” said Attorney General Jennings. “My office will continue to ensure businesses like The Home Depot protect consumers’ information from unlawful use or disclosure.”

Specific information security provisions agreed to in the settlement include:

Employing a duly qualified Chief Information Security Officer reporting to both the Senior or C-level executives and Board of Directors;
Providing resources necessary to fully implement the company’s information security program;
Providing appropriate security awareness and privacy training to all relevant personnel;
Employing specific security safeguards with respect to logging and monitoring, access controls, password management, two-factor authentication, file integrity monitoring, firewalls, encryption, risk assessments, penetration testing, intrusion detection, and vendor account management; and
Undergoing a post settlement information security assessment to evaluate The Home Depot’s implementation of the information security program.

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Video analytics has come a long way in the past two years. Improvements to edge-based data algorithms have helped companies like Public Storage reduce the number of false alarms and protect properties better than ever before.

Home Depot settles 2014 data breach

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Home Depot settles 2014 data breach

Share This Story

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.