Home Depot Settles 2014 Data Breach Suit

Another major piece of the Home Depot 2014 breach case has been settled.

Home Depot has agreed to pay $13 million to the victims of the data breach that resulted in payment card data being stolen from more than 50 million consumers. Home Depot also agreed to pay $6.5 million to provide ID protection services for the impacted cardholders and took steps to improve its security measures.

As part of the settlement, Home Depot agreed to pay the legal fees of the consumers who filed suits and, under the settlement terms, did not admit to wrongdoing or liability.

“We wanted to put the litigation behind us, and this was the most expeditious path,” Home Depot spokesman Stephen Holmes said, according to Reuters. “Customers were never responsible for any fraudulent charges.”

This settlement covers 40 million consumers, along with around 52 million to 53 million who had personal information hacked.

Last spring, when the breach was discussed during the company’s earnings, estimates suggested that Home Depot had spent somewhere above $50 million to cover the costs associated with the attack. But at that time the retailer did not provide any forecast of how far the scope of the breach could reach.

Officially, Home Depot’s data breach resulted in data being stolen from more than 56 million payment cards during a five-month assault. Based on the data released by both Home Depot and Target, the Home Depot breach affected 40 percent more cards than the 40 million from the Target breach that occurred in the final quarter of 2014.

Home Depot said that the attackers used custom-built malware to evade detection. The malware had not been seen previously in other attacks. The malware was believed to have been present between April and September 2014.