Home Depot has agreed to pay a settlement of $17.5 million in a multi-state investigation of a data breach suffered by the company in 2014.
Delaware Attorney General Kathy Jennings announced the settlement, under which a total of 46 states, as well as the District of Columbia, have reached a resolution with the company.
Home Depot confirmed the cyberattack on its payment systems in 2014, which affected customers across the US and Canada.
The breach started in April 2014 and was detected only in September. Around 40 million Home Depot customers were impacted by the PoS malware, which remained hidden on the company’s self-checkout systems for months.
Threat actors can use the stolen information to make fraudulent purchases online or to create duplicate cards in order to steal from consumers' bank accounts.
Along with the settlement, Home Depot also agreed to implement and maintain new security practices in the future. These include employing a chief information security officer (CISO), providing security awareness training, and rolling out network access security improvements and two-factor authentication (2FA) standards, among other measures.
Massachusetts AG Maura Healey stated that this settlement ensures Home Depot complies with the state’s strong data security law and requires the company to take steps to protect consumer information from illegal use or disclosure.
Online customers were not involved in the Home Depot breach. Now, six years later, we are seeing more payment card information being harvested across e-commerce websites in what are known as Magecart attacks.