Home Depot agrees to pay $17.5 million to settle 2014 monthslong data breach
Home Depot has reached a $17.5 million settlement with the attorney generals of 46 states, including Virginia, and the District of Columbia over a 2014 data breach that exposed the payment card information of some 40 million customers.
Virginia Attorney General Mark R. Herring’s office said the chain agreed to pay the state $299,561.60.
Under the terms of the settlement announced Tuesday, Home Depot also agreed to employ a fulltime chief information security officer and provide the necessary resources to fully implement the company’s information security program among other measures.
“Businesses that collect or maintain sensitive personal information have a heightened duty to keep that information secure,” Herring said in a statement. “These companies must make it a top priority to implement and adhere to reasonable practices and procedures that will protect consumers’ information from bad actors.”
Cybercriminals hacked into Home Depot’s selfcheckout point-of-sale systems using a third-party vendor’s username and password and installed malware that harvested the customer data from April through September 2014.