Home Depot has agreed to pay $19.5 million to settle a class action lawsuit on behalf of more than 50 million U.S. consumers who had their credit card information and e-mail addresses stolen in a 2014 data breach. The world’s largest home improvement retailer reached the agreement with plaintiffs’ attorneys after seven months of negotiations.
As part of the settlement agreement Home Depot will set up a $13 million fund to reimburse consumers for time and monetary losses “fairly traceable” to the data breach. The remaining $6.5 million will be used to finance 1.5 years of cardholder identity protection services for victims of the data breach, but only if 40 million eligible class members or fewer make a claim. The company will cover legal fees and related costs through a separate agreement.
Home Depot also agreed to spend the next two years improving its data security and to hire a Chief Security Officer to oversee its information security.
As a term of the settlement, Home Depot does not have to admit any wrongdoing for its role in the data breach. The lawsuit charged that Home Depot was negligent in its handling of computer system security.
The settlement closes the book on litigation between Home Depot and its customers over one of the largest data breaches in history, but lawsuits filed by banks and credit card companies are ongoing.
The data breach was first announced in September 2014 after it was discovered that hackers, using a third party vendor, accessed Home Depot’s network and deposited custom built malware on self-checkout machines in the US and Canada.
From April to September 2014 hackers stole the information of 56 million customers including their debit and credit card numbers, expiration dates, and three-digit security codes as well as their e-mail addresses.
Data breaches like the one at Home Depot have become increasingly common over the last decade. Major breaches involving theft from large companies with the information of tens of millions of customers on file grab headlines, but smaller breaches impacting fewer people are also common.
A data breach announced by the University of Central Florida in February affected 63,000 former students and faculty members. The hack at UCF compromised names and social security numbers.
Hackers don’t typically use stolen personal information themselves, but instead sell it on Internet black markets, where it can be used to commit identity fraud, make fraudulent purchases, and conduct phishing scams.
Sine UCF announced the data breach two lawsuits have been filed, including one by Morgan & Morgan Complex Litigation Group attorney John Yanchunis, the same attorney who was co-lead counsel on the Home Depot data breach lawsuit.
If your personal information was compromised by a data breach you may be entitled to compensation. Morgan & Morgan has attorneys who specialize in this new but rapidly growing practice area. In many data breaches, companies don’t do enough do safeguard customers’ information, and the consumers who trust them with it end up paying the price.
Find out whether you have a claim during a no-cost, no-obligation case review.