Home Depot to pay $19.5 million for data breach

according to a report from Reuters The home improvement retailer also agreed to improve data security over a two-year period and hire a chief information security officer to oversee its progress. It will separately pay legal fees and related costs for affected consumers. The breach affected people who used payment cards on its self-checkout terminals in U.S. and Canadian stores between April and September 2014. Home Depot has said the intruder used a vendor’s user name and password to infiltrate its computer network, and used custom-built malware to access shoppers’ payment card information. The accord covers about 40 million people who had payment card data stolen, and 52 million to 53 million people who had email addresses stolen, with some overlap between the groups. “We wanted to put the litigation behind us, and this was the most expeditious path,” spokesman Stephen Holmes said. “Customers were never responsible for any fraudulent charges.” Home Depot did not admit wrongdoing or liability in agreeing to settle. Information protection is a critical concern for any business hoping to prevent an embarrassing and costly data breach that can harm a company’s reputation and bottom line. This case is just one example among many of why businesses need to protect data.]]>