The Home Depot has reached a $17.5 million settlement with 46 states including, Ohio, Indiana, and Kentucky, after experiencing a data breach six years ago, officials say.
In 2014, the breach exposed the payment card information of nearly 40 million Home Depot consumers across the United States.
Hackers were able to gain access to the home improvement company’s network and distributed malware on the company’s self-checkout point-of-sale system at the time of the breach. Between April 10, 2014, and Sept. 13, 2014, hackers obtained self-checkout lane users’ payment card information.
According to Attorney General Dave Yost, Ohio will receive just over $656,000 in the settlement. Kentucky Attorney General Daniel Cameron says the state will receive over $188,570. Indiana will receive $520,962, according to their Indiana Attorney General Curtis Hill.
“The Home Depot might have the right hardware for customers, but, in this case, it lacked the necessary tools to protect their information,” Yost said. “That’s now going to change with this settlement.”
As part of the settlement, Home Depot has agreed to add and sustain additional data security measures, including “providing necessary security resources and training and hiring a Chief Information Security Officer,” USA Today mentioned.
“This settlement ensures that businesses, like Home Depot, take the necessary steps to appropriately safeguard consumer data,” Cameron said. “This is one example of the work our Office of Consumer Protection undertakes, on behalf of all Kentuckians, to ensure that our Consumer Protection and Data Privacy laws are followed.”