Home Depot has cut a deal with 45 states and the District of Columbia and will pay $17.5 million to resolve an investigation of a 2014 data breach, which exposed payment card information of an estimated 40 million Home Depot customers nationwide.
The data breach took place when hackers found their way into the retailer’s computer network and released malware on its self-checkout point-of-sale system. Once that was done, the hackers went on a five-month spree, obtaining the credit and debit card information of customers who used self-checkout lanes at Home Depot stores throughout the U.S.
According to ZDNet’s coverage of the incident, online customers were not involved in the hack.
Home Depot promises better protection
In addition to writing that $17.5 million check, Home Depot has agreed to install and maintain a series of data security practices designed to strengthen its information security program and protect the personal information of customers going forward.
“Businesses that collect or maintain sensitive personal information have an obligation to live up to the trust consumers place in them,” said Attorney General Jennings. “My office will continue to ensure businesses like The Home Depot protect consumers’ information from unlawful use or disclosure.”