Believe it or not, Home Depot has accepted a $17.5 million settlement over the investigation into a data breach that the company suffered back in 2014.

The company itself confirmed that the breach hit its payment systems and impacted customers across Canada and the US.

More than six years have passed, but the company will still pay. Would you like to know why?

Home Depot $17.5 Million Data Breach Settlement

It was Kathy Jennings, Delaware’s Attorney General, who announced the settlement. A total of 46 states, including the District of Columbia, have reached a resolution with the retailer.

Home Depot also agreed to implement and maintain new security practices, like:

  • employing a qualified chief information security officer who will report to both senior or C-suite executives and the board of directors regarding Home Depot’s security posture and identified security risks;
  • ensuring the company allocates appropriate resources to implement and maintain its information security program;
  • providing appropriate security awareness and privacy training to all personnel who have access to the company’s network or who are otherwise responsible for processing U.S. consumers’ personal information;
  • employing specific information security safeguards for logging and monitoring, access controls, password management, two-factor authentication, file integrity monitoring, firewalls, encryption, risk assessments, penetration testing, intrusion detection, and vendor management; and
  • undergoing an assessment that will evaluate, in part, Home Depot’s implementation of the information security program and controls described above.

Alongside the settlement, Home Depot has agreed to implement and maintain new security practices in the future. 

Back in April of 2014, PoS malware hit over 40 million Home Depot customers, and it remained hidden on the self-checkout systems for months.

It was detected in September of the same year, and it mirrored malware that had affected rival retailer Target one year before. This point-of-sale malware was able to steal payment card data.

All of that information could be used to make purchases online. The other fear was the creation of cloned cards, which could lead to emptied bank accounts and down-to-the-floor credit scores.

Maura Healey (Massachusetts AG) said that “Retailers must take meaningful steps to protect consumers’ credit and debit card information from theft when they shop.”

Hopefully, this settlement ensures that a company as huge as Home Depot complies with the state’s strong data security law, protecting consumer information from illegal use or disclosure at all costs.

Of course, these words shouldn’t pass by so easily.

This is not the first time a data breach of this caliber has hit this kind of industry. It surely won’t be the last one either.

If you are reading this after 2020, then more than six years have gone by since Magecart attacks occurred. And so far, credit card information harvesting across e-commerce websites keeps happening.

Back then, Magecart participants exploited vulnerabilities in online commerce platforms to infiltrate corporate networks.

They deployed JavaScript code and stole payment information submitted by customers.

You can read more about e-commerce cybersecurity in another blog post we wrote a few weeks ago. It’s down below.

Suggested Article: Ecommerce Cybersecurity in 2020: This Is Why Your Store is Vulnerable

Now, let’s take a look at this case with a whole new pair of glasses:

What would you do if something like this happened to your business?

Please, let me know in the comments below…

Because I’m quite sure that you wouldn’t like your business going broke after it.

MyITGuy’s cybersecurity experts can prevent that from happening, right now.