Richmond Times-Dispatch

Home Depot agrees to pay $17.5 million to settle 2014 monthslong data breach


Home Depot has reached a $17.5 million settlement with the attorney generals of 46 states, including Virginia, and the District of Columbia over a 2014 data breach that exposed the payment card informatio­n of some 40 million customers.

Virginia Attorney General Mark R. Herring’s office said the chain agreed to pay the state $299,561.60.

Under the terms of the settlement announced Tuesday, Home Depot also agreed to employ a fulltime chief informatio­n security officer and provide the necessary resources to fully implement the company’s informatio­n security program among other measures.

“Businesses that collect or maintain sensitive personal informatio­n have a heightened duty to keep that informatio­n secure,” Herring said in a statement. “These companies must make it a top priority to implement and adhere to reasonable practices and procedures that will protect consumers’ informatio­n from bad actors.”

Cybercrimi­nals hacked into Home Depot’s selfchecko­ut point-of-sale systems using a third-party vendor’s username and password and installed malware that harvested the customer data from April through September 2014.

Newspapers in English

Newspapers from United States