Home Depot to Pay $19.5 Million to Settle Data Breach Lawsuit
Home Depot has agreed to pay $19.5 million to consumers affected by a 2014 data breach, which harmed 56 million cardholders.
The North American home improvement store will create a $13 million fund to reimburse customers for out-of-pocket costs. It will also spend nearly $6.5 million to provide cardholders a year-and-a-half of identity protection services. The company will also pay the legal fees and related costs for cardholders.
Home Depot has agreed to improve its data security over the next two years, and has hired an information security expert to oversee the changes.
The Atlanta-based company has not admitted to any wrongdoing or liability in its settlement, which is awaiting federal court approval.
“We wanted to put the litigation behind us, and this was the most expeditious path,” spokesman Stephen Holmes said. “Customers were never responsible for any fraudulent charges.”
The company has said an intruder used a vendor’s name and password to break into the computer network to steal payment card data. The breach affected U.S. and Canadian shoppers who used self-checkout terminals between April and September 2014.
40 million people had their payment card data stolen, and nearly 53 million people had their email addresses stolen.
Consumer lawyers said the settlement is similar to data breach class action accords, including Target’s $10 million settlement for a 2013 breach.
This agreement settles the 57 proposed class action lawsuits that had been filed in U.S. and Canadian courts, which had been consolidated in the Atlanta court.