ATLANTA – Atlanta-based The Home Depot has agreed to pay a $17.5 million settlement with 46 states including Georgia over a 2014 data breach
The settlement, announced Tuesday, resolves a multistate investigation of a data breach involving the payment card information of about 40 million Home Depot customers nationwide. Georgia’s share of the agreement will total more than $356,000.
“Our office will continue to do all we can to protect consumers and their personally identifiable information,” Georgia Attorney General Chris Carr said. “It is important to remember that in a world where cybersecurity threats are evolving, so too must our efforts to combat them. That means we must all remain vigilant.”
The breach occurred when hackers gained access to The Home Depot’s network and deployed malware on the retailer’s self-checkout point-of-sale system. The malware let the hackers obtain the payment card information of customers who used self-checkout lanes at The Home Depot stores across the country between April 10 and Sept. 13 of 2014.
Carr said The Home Depot has taken steps to correct the situation. In addition to the $17.5 million settlement payment, the company has agreed to strengthen its information security program to better protect the personal information of consumers.
Specific steps include hiring a chief information security officer who will report directly to senior executives and members of The Home Depot’s board, providing security awareness and privacy training to all personnel who have access to the company’s network and employing security safeguards for log-ins, password management, firewalls, encryption and intrusion detection.