Home Depot to pay nearly $20M over 2014 data breach that affected more than 40M customers

  • Print.

A 2014 data breach that affected more than 40 million credit and debit cardholders is going to cost Home Depot nearly $20 million in consumer compensation in order to resolve a federal lawsuit.

Without admitting liability, the company has agreed to improve data security plus pay $13 million in reimbursement for out-of-pocket losses to shoppers and at least $6.5 million for 18 months of identity protection services to cardholders, Reuters reports.

Another group of over 50 million customers—some of whom overlap with the cardholder group—also are included in the pact because their email addresses were stolen.

Additional legal fees and costs for customers will be paid separately.

A Monday filing in federal court in Atlanta, where Home Depot has its headquarters, confirms the settlement agreement. It must be OK’d by the court before it is final. The consolidated case involves at least 57 separate lawsuits, Reuters reports.

The company says individuals affected used payment cards in self-checkout lanes at some 2,200 stores in the U.S. and Canada between April 2014 and September 2014.

Using a vendor’s name and password, a hacker got into Home Depot’s computer network. Then custom malware was installed to obtain cardholder information.

Related coverage: “Home Depot confirms data breach”

Give us feedback, share a story tip or update, or report an error.