Home Depot to Pay $27M Over Data Breach

The settlement with affected financial institutions brings Home Depot's total payouts related to the massive 2014 hack to around $180 million.
Matthew HellerMarch 10, 2017
Home Depot to Pay $27M Over Data Breach

In the latest settlement of legal claims arising out of a massive 2014 data breach at Home Depot, the retailer has agreed to pay $27.25 million to affected financial institutions.

Banks that file valid claims will get a “fixed payment award” of about $2 per compromised payment card without having to prove their losses, even if they have received compensation from another source.

Those that can prove their losses may get an additional “documented damages award” of up to 60% of their uncompensated costs, according to the settlement documents.

Drive Business Strategy and Growth

Drive Business Strategy and Growth

Learn how NetSuite Financial Management allows you to quickly and easily model what-if scenarios and generate reports.

“Credit unions and their members have unfortunately borne the brunt of lax merchant data security standards,” Jim Nussle, chief executive of the Credit Union National Association, said in a news release. “This settlement would be a step toward making them whole again.”

Home Depot disclosed in September 2014 that hackers stole payment card data from customers who made purchases at self-checkout terminals between April 10, 2014, and Sept. 13, 2014. The hackers also stole a separate file of customer email addresses.

In addition to the class action settlement announced this week, Home Depot has paid at least $134.5 million in compensation to consortia made up of Visa, MasterCard, and various banks. Consumers last year received a $19 million settlement that included a $13 million cash fund as well as $6 million in credit monitoring services.

“The discrepancy between the payments to consumers and banks arises because the latter can show clear damages from the breach, such as fraudulent transactions and lost credit card fees,” Fortune explained. “Consumers, on the other hand, were made good for any unauthorized purchases.”

For Home Depot, the cost of the breach is at least $179 million, according to court documents. “The final total, though, is likely to be much higher because of legal fees and any other undisclosed payouts,” Fortune said.

As part of the latest settlement, Home Depot also agreed to track and manage its data security risk assessments using a risk-exception process, conduct annual reviews of service providers and vendors that have access to payment card information, and create a security-control framework.

4 Powerful Communication Strategies for Your Next Board Meeting