The data breach took place when hackers found their way into the retailer’s computer network and released malware on its self-checkout point-of-sale system. Once that was done, the hackers went on a five-month spree, obtaining the credit and debit card information of customers who used self-checkout lanes at Home Depot stores throughout the U.S.
According to ZDNet’s coverage of the incident, online customers were not involved in the hack.
Home Depot promises better protection
In addition to writing that $17.5 million check, Home Depot has agreed to install and maintain a series of data security practices designed to strengthen its information security program and protect the personal information of customers going forward.
“Businesses that collect or maintain sensitive personal information have an obligation to live up to the trust consumers place in them,” said Attorney General Jennings. “My office will continue to ensure businesses like The Home Depot protect consumers’ information from unlawful use or disclosure.”