Home Depot agreed to pay $19.5 million to settle claims of consumers impacted by a 2014 data breach. The data breach was alleged to have involved more than 50 million cardholders.
Under the proposed settlement terms, the home improvement retailer will set up a $13 million fund to reimburse shoppers for out-of-pocket losses, and spend at least $6.5 million to fund 1-1/2 years of cardholder identity protection services. Home Depot also agreed to improve data security over a two-year period, and hire a chief information security officer to oversee its progress. If the settlement is approved, Home Depot will pay the attorney fees and costs for the class.
Home Depot has said the breach affected people who used payment cards on its self-checkout terminals in U.S. and Canadian stores between April and September 2014. It has said the intruder used a vendor’s user name and password to infiltrate its computer network, and used custom-built malware to access shoppers’ payment card information.
The case is In re: Home Depot Inc Customer Data Security Breach Litigation, U.S. District Court, Northern District of Georgia, No. 14-md-02583.