Home improvement giant Home Depot reached a $17.5 million settlement for the 2014 breach that exposed the payment card information of 40 million customers.
This amount was set by the attorneys general of 46 states and the District of Columbia. The Massachusetts Attorney General confirmed the amount on Tuesday, Nov. 24, with the company agreeing to pay the penalty and to employ a chief information security officer.
The Department of Justice Consumer Protection Unit secured the settlement, citing the weak security measures in place. Home Depot’s self-checkout point-of-sale system was hacked, with cybercriminals obtaining payment card information.
Hackers obtained substantial information from Home Depot stores all over the United States between April 10, 2014, and September 13, 2014. The massive breach prompted leaders and heads of states to reprimand the company's security practices and to task Home Depot with strengthening its safeguard program.
Attorney General Jennings said, “Businesses that collect or maintain sensitive personal information have an obligation to live up to the trust consumers place in them. My office will continue to ensure businesses like The Home Depot protect consumers’ information from unlawful use or disclosure.”
Consumers Suffer
Maryland Attorney General Brian Frosh also stands with the other state heads in citing the need for companies to protect consumer information. Frosh mentioned how exposed personal information can affect or harm people personally and financially.
Companies that fail to protect that data and expose the information of millions of consumers should be liable for a hefty penalty. “The data security measures required by this settlement will help protect the personal information of Marylanders and other consumers through the country,” added Frosh.
The settlement requires Home Depot to provide the resources necessary to fully implement the company’s information security program and to give security awareness and privacy training to all relevant personnel.
Home Depot also needs to undergo a security overhaul covering the monitoring and control of login credentials, two-factor authentication, integrity monitoring, firewalls, encryption, risk assessments, intrusion detection, and vendor account management.
The home improvement company also needs to have a qualified security officer who reports to both senior or C-level executives and the Board of Directors.
More importantly, the company must still satisfy the conditions set for evaluating the implementation of the security programs. If it passes the evaluation, the company can go back to regular business without further interference.
The settlement covers 46 states and the District of Columbia.