Home Depot settles with states over 2014 data breach

Getty Images

Home Depot on Tuesday announced it has settled a multistate investigation into a data breach six years ago for $17.5 million.

The breach, occurring between April 10 and Sept. 13, 2014, is believed to have affected up to 40 million customers. Hackers were able to enter the retailer’s network and access credit card information from customers who had used the stores’ self-checkout terminals, Reuters reported.

Under the settlement, the company agreed to make upgrades to its security and hire a chief information security officer. It did not admit liability in the settlement.

It will also submit to an information security assessment to analyze its compliance with the agreement, which is standard procedure following a state data breach settlement.

Forty-six states and the District of Columbia were party to the settlement, which stemmed from a probe led by Connecticut, Illinois and Texas.

“Companies like Home Depot who collect sensitive personal information from their customers have an obligation to protect that information from unlawful use or disclosure,” Connecticut Attorney General William Tong said in a statement.

“Home Depot failed to take those precautions, and as a result exposed the payment card information of 40 million of their customers. Connecticut co-led this investigation and settlement, and will continue to lead the nation in enforcing rigorous compliance with state consumer privacy laws,” Tong added.

Connecticut will receive $1.09 million under the terms of the settlement.

The company said in its own statement that in the six years since the breach, it has “invested heavily to further secure our systems.”

“We’re glad to put this matter behind us,” the company added. 

Tags Data breach Data security Home Depot Security breaches

Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.