Home Depot will pay a $17.5 million settlement to 46 states including more than $686,000 to Pennsylvania regarding a 2014 data breach, officials announced Tuesday.
The breach exposed the payment card information of approximately 40 million Home Depot consumers nationwide, according to a release.
Hackers gained access to The Home Depot’s network and deployed malware on the company’s self-checkout point-of-sale system during the breach, the release states. Hackers were able to obtain self-checkout lane users’ payment card information between April 10, 2014 and Sept. 13, 2014.
Ohio Attorney General Dave Yost says Ohio will collect $656,210 and some change through the settlement. Kentucky Attorney General Daniel Cameron says Kentucky will receive just over $188,570. Indiana will receive $520,962, according to Indiana Attorney General Curtis Hill.
“The Home Depot might have the right hardware for customers but, in this case, it lacked the necessary tools to protect their information,” Yost said. “That’s now going to change with this settlement.”
Home Depot agreed to implement and maintain additional data security practices in the settlement, including providing necessary security resources and training and hiring a Chief Information Security Officer.
“This settlement ensures that businesses, like Home Depot, take the necessary steps to appropriately safeguard consumer data,” Cameron said. “This is one example of the work our Office of Consumer Protection undertakes, on behalf of all Kentuckians, to ensure that our Consumer Protection and Data Privacy laws are followed.”