The popular U.S. home improvement retailer Home Depot Inc. has agreed to pay $17.5 million to settle a multistate investigation related to a data breach, which occurred between April 10, 2014, and September 13, 2014. The threat actors illicitly accessed the payment card details of 40 million customers. The investigation was led by Connecticut, Illinois, and Texas.
How Home Depot was Hacked
Cybercriminals misused a vendor’s username and password to break into Home Depot’s network and install a malicious code to obtain customers’ payment card data. The breach, exposed by Brian Krebs, affected the customers who used self-checkout terminals of Home Depot stores across the U.S. and Canada. It is also estimated to have affected over 52 million customers’ data.
Home Depot did not confess liability to the settlement but agreed to comply with the security provisions like hiring a CISO and increasing security standards and training.
“Companies that collect sensitive personal information from customers have an obligation to protect that information from unlawful use or disclosure. Home Depot failed to take those precautions,” said Connecticut Attorney General William Tong.
Relief for the Affected
In a similar data breach settlement, Hanna Andersson, U.S.-based kids wear retailer, agreed to pay $400,000 to settle a data breach lawsuit related to the California Consumer Privacy Act (CCPA). The class-action lawsuit, which is the first monetary settlement under CCPA, was filed in the U.S. District Court for the Northern District of California in February 2020. Also, Health insurer Anthem agreed to pay $39.5 million to settle another class-action suit related to a cyberattack in 2015 that exposed the personal data of nearly 79 million people. Read the full story here…
