Home Depot Still Paying for 2014 Data Breach
Home Depot agrees to pay $25 Million more as a result of their 2014 data breach.
Earlier this month, Home Depot reached an agreement to pay $25 million more to banks and credit unions as a result of the company’s massive 2014 data breach. The $25 million is in addition to the $130 million or more that Home Depot has already paid to card companies and financial institutions. According to Fortune, with legal fees added, the total amount paid by Home Depot is anticipated to be over $179 million.
Home Depot also agreed that in addition to the $25 million being paid to banks and credit unions, the company will make significant security upgrades to prevent similar breaches in the future.
Lax security practices led to the company’s data breach
“Credit unions and their members have unfortunately borne the brunt of lax merchant data security standards. This settlement would be a step toward making them whole again. We believe this settlement represents one of the better outcomes in data breach litigation,” said CUNA President/CEO Jim Nussle.
The financial institutions and banks successfully argued that Home Depot had lax security practices, which led to the 2014 data breach. According to court documents, the “investigation revealed hackers placed malware on Home Depot’s self-checkout kiosks in stores across the country, allowing them to steal customers’ personal financial information, including names, payment card numbers, expiration dates, and security codes.”
Once the cybercriminals had access to Home Depot’s sensitive financial data, the data was sold over the Internet, resulting in a massive number of fraudulent transactions. Up to 56 million Home Depot customers who shopped at the company’s retail stores in the U.S. and Canada (between April 2014 and September 2014) may have had their payment card information compromised.
From what we know about the circumstances surrounding the attack, there are many areas where Home Depot could have and should have upgraded its security systems before the attack occurred. One of its major flaws was relying on legacy malware detection products that just weren’t up to the task of identifying this sort of malware attack.