Home Depot to Pay $19.5 Million to Settle Data Breach Lawsuit

March 9, 2016, Written By Bill Hardekopf
JACKSONVILLE, FL-MARCH 8, 2014: A Home Depot sign in Jacksonvill

Home Depot has agreed to pay $19.5 million to consumers affected by a 2014 data breach, which harmed 56 million cardholders.

The North American home improvement store will create a $13 million fund to reimburse customers for out-of-pocket costs. It will also spend nearly $6.5 million to provide cardholders a year-and-a-half of identity protection services. The company will also pay the legal fees and related costs for cardholders.

Home Depot has agreed to improve its data security over the next two years, and has hired an information security expert to oversee the changes.

The Atlanta-based company has not admitted to any wrongdoing or liability in its settlement, which is awaiting federal court approval.

“We wanted to put the litigation behind us, and this was the most expeditious path,” spokesman Stephen Holmes said. “Customers were never responsible for any fraudulent charges.”

The company has said an intruder used a vendor’s name and password to break into the computer network to steal payment card data. The breach affected U.S. and Canadian shoppers who used self-checkout terminals between April and September 2014.

40 million people had their payment card data stolen, and nearly 53 million people had their email addresses stolen.

Consumer lawyers said the settlement is similar to data breach class action accords, including Target’s $10 million settlement for a 2013 breach.

This agreement settles the 57 proposed class action lawsuits that had been filed in U.S. and Canadian courts, which had been consolidated in the Atlanta court.



The information contained within this article was accurate as of March 9, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.