Home Depot to Pay $19.5M in Data Breach Class Suit

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

March 8 — Home Depot Inc. agreed March 7 to pay at least $19.5 million to settle consumer class claims arising from a 2014 data breach that allegedly affected up to 56 million customers.

Under the terms of the settlement, filed in the U.S. District Court for the Northern District of Georgia, Home Depot agreed to pay $13 million into the settlement fund and an additional $6.5 million to pay for 18 months of identity protection services for each class member who used a debit or credit card at a compromised checkout lane.

Home Depot will also be responsible for attorneys' fees and costs.

It also agreed to adopt enhanced data security measures including: the creation of a Chief Information Security Officer, product and data risk assessments and increased encryption precautions on debit and credit card transactions.

In September 2014, Home Depot confirmed—after an internal investigation—that it experienced a data breach affecting payment information of up to 56 million customers .

The consolidated class complaint claimed that Home Depot was “willfully dismissive” of its data security practices and that it failed to take the necessary steps to protect consumer personal and financial data.

Harris Penn Lowry, LLP, Morgan & Morgan Complex Litigation Group, The Barnes Group, LLC and Stueve Siegel Hanson LLP are consumer class counsel. King & Spalding LLP represent Home Depot.

To contact the reporter on this story: Daniel R. Stoller in Washington at dstoller@bna.com

To contact the editor responsible for this story: Jimmy H. Koo at jkoo@bna.com

For More Information