Home Depot Still Paying for 2014 Data Breach

Home Depot Still Paying for 2014 Data Breach

Home Depot 2014 Data Breach

Home Depot agrees to pay $25 Million more as a result of their 2014 data breach.

Earlier this month Home Depot reached an agreement to pay $25 million more to banks and credit unions as a result of the company’s massive 2014 data breach.  The $25 million is in addition to the $130 million or more that Home Depot has already paid to card companies and financial institutions. According to Fortune, with legal fees added, the total amount paid by Home Depot is anticipated to be over $179 million dollars.

Home Depot also agreed that in addition to the $25 million being paid to banks and credit unions, the company will make significant security upgrades to prevent similar breaches in the future.

Lax security practices lead to the companies data breach

“Credit unions and their members have unfortunately borne the brunt of lax merchant data security standards. This settlement would be a step toward making them whole again. We believe this settlement represents one of the better outcomes in data breach litigation,” said CUNA President/CEO Jim Nussle.

The financial institutions and banks successfully argued that Home Depot had lax security practices, which led to the 2014 data breach.  According to court documents, the “investigation revealed hackers placed malware on Home Depot’s self-checkout kiosks in stores across the country, allowing them to steal customers’ personal financial information, including names, payment card numbers, expiration dates, and security codes.”

Once the cybercriminals had access to Home Depot’s sensitive financial data, it was sold over the Internet, resulting in a massive amount of fraudulent transactions. Up to 56 million Home Depot customers who shopped at the companies retails stores in the U.S. and Canada (between April 2014 and September 2014) may have had their payment card information compromised.

From what we know about the circumstances surrounding the attack, there are many areas where Home Depot could have and should have upgraded their security systems before the attack occurred. One of their major flaws was to rely on legacy malware detection products that just weren’t up to the task of identifying this sort of malware attack.

Click here to learn more about the Lastline solution.

Brian Laing

Brian Laing

For more than 20 years, Brian Laing has shared his strategic business vision and technical leadership with a range of start-ups and established companies in various executive level roles. The author of “APT for Dummies,” he was previously vice president of AhnLab, where he directed the US operations of the internationally known security and software leader. Brian previously founded Hive Media where he served as CEO. He co-founded RedSeal Systems, where he conceived the overall design and features of the product and was granted two patents related to network security. He was also founder and CEO of self-funded Blade Software, who released the industry’s first commercial IPS/FW testing tool.
Brian Laing