The Home Depot data breach might seem like yesterday’s news to some people, which is understandable considering it happened almost two years ago. Of course, plenty of other big-name breaches have since made headlines over the past few years. But the aftermath of an event like that one isn’t so easy to get over, especially for people who experienced significant financial fallout from the event.
Since the 2014 incident, there have been 57 individual lawsuits filed against the retailer due to this single data breach, which were then consolidated into one class-action suit. Now, Home Depot has reached an agreement to pay $19.5 million to consumers—$13 million for out-of-pocket losses due to having their credit card information stolen, and another $6.5 million to cover the cost of providing credit monitoring services for the customers affected by the breach. While the company hasn’t admitted any wrongdoing as part of the settlement, this agreement will be a way to move forward and put the incident behind them without incurring further costs; after all, the court costs and legal fees for this case are expected to reach nearly $9 million.
There are other unintended victims in any kind of breach like this one, and that’s the banks who have to front the cost of replacing their customers’ credit cards, as well as the credit card companies themselves who forgive the fraudulent purchases that were made after identity thieves sold or used the victims’ credit card information.
But apart from the money that will be paid out to cover fraudulent charges, another major aspect of the settlement looks at how Home Depot plans to move forward, and it’s something that all companies who’ve experienced a breach have to contend with: how do we keep this from happening again?
In all, around 40 million customers had their credit cards stolen in this single event, and a total of 54 million email addresses were stolen in connection with the individuals’ accounts. Home Depot has had to take a good look at what kind of problem caused this breach to occur in the first place, and what steps will prevent it down the road.
The investigation into the breach originally revealed that hackers stole the customers’ payment data through the point-of-sale credit card system, after the hackers got the username and password for one of Home Depot’s third-party vendors; that’s eerily similar to how hackers infiltrated Target’s network in 2013. As a result, the home improvement company has agreed to revamp their entire payment system and to hire a chief information security officer to oversee customers’ security in the future. Hopefully those steps will be enough to protect both the retailer and its customers from now on.
Anyone can be a victim of identity theft, anyone can use our services, and anyone can help us help others. If you found this information useful, please consider donating to the Identity Theft Resource Center to help us keep our services free to the public.