Home Depot settles data breach class action suit for $19.5 million

March 23, 2016 by

Data SecurityHome Depot agreed to pay $19.5 million to settle claims of consumers impacted by a 2014 data breach.  The data breach was alleged to have involved more than 50 million cardholders.

Under the proposed settlement terms, the home improvement retailer will set up a $13 million fund to reimburse shoppers for out-of-pocket losses, and spend at least $6.5 million to fund 1-1/2 years of cardholder identity protection services.  Home Depot also agreed to improve data security over a two-year period, and hire a chief information security officer to oversee its progress. If the settlement is approved, Home Depot will pay the attorney fees and costs for the class.

Home Depot has said the breach affected people who used payment cards on its self-checkout terminals in U.S. and Canadian stores between April and September 2014.  It has said the intruder used a vendor’s user name and password to infiltrate its computer network, and used custom-built malware to access shoppers’ payment card information.

The case is In re: Home Depot Inc Customer Data Security Breach Litigation, U.S. District Court, Northern District of Georgia, No. 14-md-02583.

Steve Larson
An experienced trial lawyer who handles both hourly and contingent fee cases, Steve has expertise in class actions, consumer cases, antitrust litigation, securities litigation, corporate disputes, intellectual property disputes, unfair competition claims, employment matters, and disputes involving family wealth. Steve regularly represents individuals and businesses in federal and state court and has obtained class-wide recovery in multiple class actions. A veteran practitioner, Steve's clients value his creative approach to resolving complex litigation matters.

Legal Disclaimer

The information contained in this blog does not constitute legal advice, and does not create an attorney-client relationship. We make no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained in or linked to this blog.