For Immediate Release:
Tuesday, November 24, 2020
Laura Brewer (919) 716-6484
(RALEIGH) Attorney General Josh Stein today obtained a $17.5 million multistate settlement against Georgia-based retailer The Home Depot to resolve an investigation over a 2014 data breach. The breach exposed the payment information of approximately 40 million Home Depot customers. North Carolina will receive $623,440.65.
“When customers choose to buy goods and services from a company, they’re trusting that their financial information will be secure,” said Attorney General Josh Stein. “Home Depot failed to protect its customers’ data, and I’m pleased that the company will do more to safeguard information as a result of today’s settlement.”
The breach occurred when hackers gained access to Home Depot’s network and deployed malware on its self-checkout point-of-sale system. Between April 10, 2014, and Sept. 13, 2014, the hackers used the malware to obtain the payment card information of customers who used self-checkout lanes at Home Depot stores.
Home Depot has also agreed to implement a series of data security practices to maintain information security, including:
- Hiring a Chief Information Security Officer.
- Providing the necessary resources to implement an information security program.
- Providing appropriate security awareness and privacy training to all personnel who have access to the company’s network or responsibility for U.S. consumers’ personal information.
- Employing specific security safeguards.
- Undergoing a post-settlement information security assessment that will evaluate the company’s information security program implementation.
Attorney General Stein is joined in today’s settlement by the Attorneys General of Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District of Columbia, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Jersey, New Mexico, New York, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Washington, West Virginia, and Wisconsin.
More on Attorney General Stein’s work to protect North Carolinians’ personal and financial information:
- Attorney General Josh Stein Announces $5 Million Settlement with Community Health Systems
- Attorney General Josh Stein Reaches $39.5 Million Multistate Data Breach Settlement with Anthem
- Attorney General Josh Stein Calls on Tech Companies to Keep Contact Tracing Information Secure