Home Depot will pay $25 million to financial institutions to compensate them for the costs of a 2014 data breach in which 40 million consumers had payment card data stolen, as well as 52 million to 53 million who had their email addresses stolen (there was overlap between the groups). The agreement comes about three months after a judge ruled that the retailer’s investors cannot sue its board of directors over the breach.
The breach already had cost the company $261 million in pretax gross expenses, partially offset by $100 million in expected insurance proceeds, according to an SEC filing. Last year, Home Depot also agreed to pay nearly $20 million to victims of the company’s 2014 data breach. That settlement also required the retail giant to bolster its data security measures.
One of the plaintiffs said the new settlement represents “one of the better outcomes” in data breach cases. “Credit unions and their members have unfortunately borne the brunt of lax merchant data security standards,” said Jim Nussle, president and CEO of the Credit Union National Association. “This settlement would be a step toward making them whole again.”
The deal also calls for the retail chain to pay unspecified attorney fees and to deploy “enhanced security measures to reduce the risk of a future data breach.”
- Home Depot Possibly Hit with Breach
- Judge Tosses out Shareholder Suit Related to Home Depot Breach
- Judicial Panel Transfers Home Depot Antitrust Case against Mastercard, Visa
Image Credits: Shutterstock/wk1003mike