Home Depot has recently agreed to a multistate settlement over a 2014 data breach. The Georgia-based firm suffered a major data breach in 2014 that affected millions of customers.
Home Depot 2014 Data Breach Overview
In April 2014, the DIY retailer Home Depot suffered a major security breach via POS malware attack on its stores. However, the attack remained undetected until September 2014. During all this time, the attackers continued to pilfer payment card details of the customers.
Then, on September 2, 2014, the firm detected the breach after the banking partners and LEAs alerted them.
Initially, it was believed that the attack might have affected around 60 million customers. However, as confirmed via the AG’s recent announcement, the incident impacted 40 million customers nationwide.
The malware attack resulted in the loss of sensitive data of the consumers across the US and Canada. Home Depot merely assured that the incident didn’t leak the debit card PINs.
$17.5 Million Settlement
Years after the serious cyberattack, The Home Depot has agreed to a $17.5 million settlement with 46 states and the District of Columbia.
As announced by the Delaware Attorney General Kathy, alongside the settlement, the retailer has also agreed to implement various security measures regarding users’ data security.
Briefing about the incident, the announcement reads,
The breach occurred when hackers gained access to The Home Depot’s network and deployed malware on The Home Depot’s self-checkout point-of-sale system. The malware allowed the hackers to obtain the payment card information of customers who used self-checkout lanes at The Home Depot stores throughout the U.S. between April 10, 2014, and Sept 13, 2014.
In a separate announcement, the Massachusetts AG Maura Healey also confirmed securing $525,000 in the settlement. According to Healey,
Retailers must take meaningful steps to protect consumers’ credit and debit card information from theft when they shop. This settlement ensures Home Depot complies with our state’s strong data security law and requires the company to take steps to protect consumer information from illegal use or disclosure.
Let us know your thoughts in the comments