U.S. Markets closed
  • S&P 500

    3,768.25
    -27.29 (-0.72%)
     
  • Dow 30

    30,814.26
    -177.26 (-0.57%)
     
  • Nasdaq

    12,998.50
    -114.14 (-0.87%)
     
  • Russell 2000

    2,123.20
    -32.15 (-1.49%)
     
  • Crude Oil

    52.06
    -1.51 (-2.82%)
     
  • Gold

    1,827.50
    -23.90 (-1.29%)
     
  • Silver

    24.80
    -1.01 (-3.90%)
     
  • EUR/USD

    1.2085
    -0.0079 (-0.6526%)
     
  • 10-Yr Bond

    1.0970
    -0.0320 (-2.83%)
     
  • Vix

    24.34
    +1.09 (+4.69%)
     
  • GBP/USD

    1.3583
    -0.0057 (-0.4143%)
     
  • USD/JPY

    103.8710
    +0.0290 (+0.0279%)
     
  • BTC-USD

    36,282.85
    -1,555.80 (-4.11%)
     
  • CMC Crypto 200

    694.13
    -41.02 (-5.58%)
     
  • FTSE 100

    6,735.71
    -66.25 (-0.97%)
     
  • Nikkei 225

    28,519.18
    -179.08 (-0.62%)
     

Home Depot reaches $17.5 million settlement over 2014 data breach

Jonathan Stempel
·1 min read
A shopper reaches for merchandise at a Home Depot store in Wilmington

By Jonathan Stempel

(Reuters) - Home Depot Inc, the largest U.S. home improvement retailer, on Tuesday reached a $17.5 million settlement to resolve a multistate probe into a 2014 data breach where hackers accessed payment card data belonging to 40 million customers.

The settlement with 46 U.S. states and Washington, D.C., stemmed from a breach between April 10, 2014, and Sept. 13, 2014, affecting customers who used self-checkout terminals at its U.S. and Canadian stores.

Hackers used a vendor's user name and password to infiltrate Home Depot's network, and deployed custom-built malware to access customers' payment card information.

The Atlanta-based retailer previously said at least 52 million people also had their email addresses exposed, partially overlapping those whose payment card data was compromised.

Home Depot did not admit liability in agreeing to the settlement, which requires that it hire a chief information security officer, and upgrade its security procedures and training. The probe was led by Connecticut, Illinois and Texas.

Companies that collect sensitive personal information from customers "have an obligation to protect that information from unlawful use or disclosure," Connecticut Attorney General William Tong said in a statement. "Home Depot failed to take those precautions."

In a statement, Home Depot said security is a top priority, and that it has since 2014 "invested heavily to further secure our systems. We’re glad to put this matter behind us."

Home Depot had previously recorded $198 million of pretax expenses for the breach, and resolved litigation by customers, card issuers and banks that claimed they were harmed.

(Reporting by Jonathan Stempel in New York Editing by David Evans and Matthew Lewis)