Skip to main content

Home Depot agrees to pay customers $20M to settle that massive 2014 hack

home depot security breach settlement
Mike Mozart/Flickr
Home Depot’s security breach 18 months ago was hugely embarrassing for the company, and only now is it coming near to finally bringing the matter to a close.

The retail giant said Tuesday it’s agreed to pay a minimum of $19.5 million in compensation to customers caught up in the incident that saw cybercriminals nab payment card information and email addresses belonging to tens of millions of Home Depot shoppers.

If approved by the courts, the settlement will take care of nearly 60 proposed class-action lawsuits that resulted from the security breach, though Home Depot has always denied any wrongdoing or liability.

The agreement includes the launch of a $13-million fund to reimburse Home Depot customers for any losses – including legal fees – incurred as a result of the hack, and the retailer will also pay for 18 months of cardholder protection services at a cost of at least $6.5 million.

Home Depot spokesperson Stephen Holmes told Reuters, “We wanted to put the litigation behind us, and this was the most expeditious path,” adding, “Customers were never responsible for any fraudulent charges.”

The security breach, which took place between April and September 2014, saw hackers steal payment card information belonging to around 40 million Home Depot shoppers, and also a database of up to 53 million customer email addresses.

Home Depot said at the time that that hackers had accessed its computer network through the use of a third-party vendor’s username and password, explaining: “The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on [our] self-checkout systems in the U.S. and Canada.”

The hack occurred alongside other similar high-profile incidents, and came a few months after Target revealed cybercriminals had stolen personal data belonging to around 100 million of its own customers.

In May 2015, Target agreed to pay $10 million to shoppers affected by the breach, and later in the year settled with Visa in a deal worth $67 million to compensate banks and other firms that issue its cards. The payout took care of costs incurred by card issuers as a result of the hack, covering actions such as sending out new cards and dealing with any resulting fraud.

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Another big sale is happening at the same time as Prime Day
A variety of electronic devices in open boxes.

Target just revealed that Target Circle Week will run from July 9 to July 15, overlapping with Amazon's Prime Day that's scheduled for July 11 to July 12.

The big sale event will be open to members of the retailer's Target Circle loyalty program, who will be able to receive discounts of up to 50% for certain items. If you're not yet a member, don't worry -- you can join at any time, and membership is free. Once you've signed up, you'll be able to earn 1% from every purchase to redeem at a later time, access exclusive deals, and get 5% off for your birthday, among other benefits.

Read more
The best free parental control software for PC, Mac, iOS, and Android
Man using computer.

Everything in this world has gone digital, and that includes homework (if you have kids). If your children are young, you’re probably not giving them laptops or free rein of the family computer yet. You’re also probably not always able to monitor their screen activity, either.

That’s where parental control software comes in handy. Such software helps keep your kids safe from the dark web, and there are usually free options available for all operating systems. Keep reading to find out more.
Built-in OS features
Giving your kids technology designed for their age group is an excellent first step toward keeping them safe online. When they have access to more general computing devices, you can leverage parental control features built right into the operating system. The parental controls for both Windows and macOS provide a convenient and acceptable means for restricting web access and chat functionality, and give parents the ability to view detailed logs and monitor email exchanges.
Microsoft Family Safety

Read more
How to deactivate your Instagram account (or delete it)
Instagram login screen.

If you’re getting a bit tired of Instagram, you might want to consider deactivating your account. With Instagram, you have two choices: You can learn how to deactivate your account, or you can delete it completely. We’ll review both options, so you can decide if you’d rather take a break or cut ties with Instagram forever. Just be cautious, as deleting your Instagram account removes all of your content permanently, and you won’t be able to get it back.

Read more