Customers whose information was stolen in Home Depot’s 2014 data breach may soon get some compensation for their ordeal.
On Tuesday, Home Depot agreed to pay roughly $19.5 million to remedy its security crisis, which affected the consumer information on an estimated 56 million credit cards.
The settlement amount includes a $13 million fund to reimburse affected Home Depot customers for their losses, as well as roughly $6.5 million to give
credit card customers 18 months of identity protection services.
The court must still approve the settlement offer. Aside from the monetary concessions, Home Depot said it will improve its data security practices over
the next two years—and hire a chief information security officer to oversee the company’s progress.
The company reminded reporters, however, that it was not admitting blame for the breach.
“We’re working to put the litigation behind us,” Home Depot spokesman Stephen Holmes told PC World in an email. “This was the most expeditious path, but it’s not an admission of liability.”
Holmes also told PC World that the company’s customers “were not responsible for fraudulent charges, and they’ve been [Home Depot’s] primary focus
throughout” the breach’s aftermath.
explained how the company thinks consumer data was stolen:
Officials with Home Depot say the hackers accessed their systems with stolen credentials from a third-party vendor.
It’s believed that hackers then navigated Home Depot’s main computer network by exploiting a vulnerability in Microsoft’s operating system. From there the
hackers were able to operate as Home Depot employees with high-level permissions.
Home Depot was not the only organization launched into crisis mode because of a security breach, C|Net reported:
The breach occurred at a time when hacks on businesses and government agencies were running rampant. There were more than 1,500 data breaches worldwide in
2014, up nearly 50 percent from 2013.
The hack into Home Depot was similar to a security breach at retail giant Target in 2013 that exposed the credit card data of 40 million Target customers
and the personal information of an additional 70 million customers. In that case, Target offered $10 million to settle the resulting class-action