MONEY

Home Depot Will Reimburse Customers $13 Million for Data Breach

Inside A Home Depot Inc. Store Ahead Of Earnings Figures
Bloomberg via Getty Images The Empire State building stands past Home Depot Inc. signage displayed outside a store in Jersey City, New Jersey, U.S., on Saturday, Feb. 20, 2016.

The retailer will set up a $13 million fund to reimburse shoppers and spend at least $6.5 million on identity protection services.

Home Depot THE HOME DEPOT INC. HD -0.75% agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders.

The home improvement retailer will set up a $13 million fund to reimburse shoppers for out-of-pocket losses, and spend at least $6.5 million to fund 1-1/2 years of cardholder identity protection services.

Home Depot also agreed to improve data security over a two-year period, and hire a chief information security officer to oversee its progress. It will separately pay legal fees and related costs for affected consumers.

Terms of the preliminary settlement were disclosed in papers filed on Monday with the federal court in Atlanta, where Home Depot is based.

Home Depot did not admit wrongdoing or liability in agreeing to settle. The settlement requires court approval.

“We wanted to put the litigation behind us, and this was the most expeditious path,” spokesman Stephen Holmes said. “Customers were never responsible for any fraudulent charges.”

Home Depot has said the breach affected people who used payment cards on its self-checkout terminals in U.S. and Canadian stores between April and September 2014.

It has said the intruder used a vendor’s user name and password to infiltrate its computer network, and used custom-built malware to access shoppers’ payment card information.

The accord covers about 40 million people who had payment card data stolen, and 52 million to 53 million people who had email addresses stolen, with some overlap between the groups.

Home Depot said in November it had incurred $152 million of pre-tax expenses from the breach, after accounting for expected insurance proceeds.

Lawyers for the consumers said the accord compares “favorably” with other data breach class actions, including Target’s TARGET CORP. TGT 0.31% $10 million settlement over a 2013 data breach that compromised at least 40 million cards.

Legal fees and costs for the lawyers could top $8.7 million, court papers showed.

At least 57 proposed class action lawsuits were filed in U.S. and Canadian courts over the data breach. The U.S. cases were consolidated in the Atlanta court.

The case is In re: Home Depot Customer Data Security Breach Litigation, U.S. District Court, Northern District of Georgia, No. 14-md-02583.
Additional reporting by Nate Raymond

Tap to read full story

Your browser is out of date. Please update your browser at http://update.microsoft.com


YOU BROKE MONEY.COM!

Dear MONEY Reader,

As a regular visitor to MONEY.com, we are sure you enjoy all the great journalism created by our editors and reporters. Great journalism has great value, and it costs money to make it. One of the main ways we cover our costs is through advertising.

The use of software that blocks ads limits our ability to provide you with the journalism you enjoy. Consider turning your Ad Blocker off so that we can continue to provide the world class journalism you have become accustomed to.

The MONEY Team