Home Depot Reaches Settlement, and unless you’re a regular Home Depot shopper, you may miss the fact that back in 2014, the company was the victim of a successful hacking attack that saw malware installed on its POS (Point of Sale) system.
The attack allowed them to collect more than 40 million records belonging to customers in both the US and Canada.
As a consequence of the hack, 46 states and the District of Columbia filed a lawsuit against the company. Home Depot Reaches Settlement to the tune of $17.5 million. In addition to the fine, Home Depot has to implement several improvements to its security system designed to minimize their customers’ risk in the future.
Massachusetts Attorney General Maura Healey had this to say about Home Depot’s Settlement, “Retailers must take meaningful steps to protect consumers’ credit and debit card information from theft when they shop. This settlement ensures Home Depot complies with our state’s strong data security law and requires the company to take steps to protect consumer information from illegal use or disclosure.”
Our view is that Ms. Healey overstates the impact of the outcome of the suit. Home Depot’s fine is a pittance, amounting to less than fifty cents per compromised customer record. Any company who wants to stay in business today and age shouldn’t need to have a lawsuit to follow current IT Security Best Practices.
The settlement of Home Depot’s lawsuit resulted in some positive changes, although they are too late to make a difference for the 40 million customers already impacted.
What’s the state of your company’s security? If you’re not sure, there’s no time like the present to review it carefully.