Skip to main content
close search
site logo
Dive Brief

Home Depot codifies data reforms in $17.5M breach settlement with states

Published Nov. 25, 2020
David Jones's headshot
Reporter
Permission granted by Home Depot

Dive Brief:

  • The Home Depot reached a $17.5 million multistate settlement to resolve an investigation into its 2014 data breach that compromised the payment information of 40 million customers around the country. 
  • As part of the agreement, Home Depot agreed to employ a chief information security officer who reports directly to the board of directors and senior/C-level executives, according to New York State Attorney General Letitia James. 
  • Home Depot also agreed to provide security training to all workers with access to the company network or access to customer information, according to the announcement. It will also employ security safeguards including encryption, password management, two-factor authentication, logging and penetration testing. 

Dive Insight:

The data breach occurred after hackers put malware on Home Depot's point-of-sale system, which allowed them to gain access to the company's self-checkout sales across the U.S. from April 10 through Sept. 13, 2014. Despite the settlement, Home Depot has already spent years shoring up its security posture.

Home Depot has taken several steps to protect customers, including following the National Institute of Standards and Technology Cybersecurity Framework, company spokesperson Sara Gorman said.

The company hired its first officer level CISO in 2015 following the data breach. It also has a Data Security and Privacy Governance Committee that provides enterprise-level oversight and governance over data protection and cybersecurity. The committee provides regular reports to the company Audit Committee and Board. 

Steve Adegbite was named CISO at Home Depot in August 2018, after the home improvement retailer's first CISO Jamil Farshchi went to Equifax in February of that year to help the credit reporting agency recover from a massive data breach. Stephen Ward was named CISO at Home Depot in January 2019.

Home Depot also paid $19.5 million to settle litigation by consumers.

"We're glad to put this matter behind us and continue to focus on serving our customers," Gorman said via email. "Security has always been a top priority for The Home Depot. When this occurred six years ago, we moved quickly to inform and protect our customers, offering more than 50 million customers free identity protection services, including free credit monitoring."

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
Editors' picks
Latest in Breaches
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell