The cost of Home Depot's breach mounts as the retail firm will pay out US$25 million (£20 million) to the affected parties. Home Depot settled in an Atlanta federal court, agreeing not only to pay out millions of dollars but also to improve its security measures.
Home Depot will be paying the sum into a settlement fund. Those who had money stolen in the wake of the 2014 breach will be entitled to 60 percent of their losses as long as they can provide valid documentation. The retail giant has also promised as part of the settlement to update its security posture and data protection policies as well as pay the legal fees attendant to the settlement.
The 2014 breach affected 50 million customers whose email and credit card information was stolen by hackers who breached the company's checkout machines. In September 2014, Home Depot admitted that its payment systems had been compromised and hackers had accessed the financial information of 56 million customers. It quickly offered credit monitoring services and compensation to affected customers. Soon afterwards, affected parties filed a class action suit against Home Depot.
This is yet another entry in the long list of costs that Home Depot has accrued in the wake of its breach. This is one of the first landmark civil suits in which a large company has been sued for a breach. The company has paid out over US$134.5 million (£110 million) in compensation to financial institutions and credit card companies in the wake of the breach.
Fortune Magazine estimates the costs will come to at “least” US$179 million (£147 million), although other legal fees and payouts may make the final bill much higher.
John Madelin, CEO at RelianceACSN, told SC, “What was shocking about this case was that it was the major compromise of the ‘crown jewels’ in a retailer's business. But despite this, it took Home Depot six months to identify there was an issue, by which time around 56 million cards had been compromised. The high settlement reflects the fact that the security of consumer details and other critical data needs to be a business' number one priority. Organisations can no longer afford to accept that a security breach will be ‘inevitable’ when a breach will cost them over $179 million.”