Home Depot Security Breach Class Action Lawsuit Settled For $19.5M

Home Depot has agreed to pay $19.5 million to settle lawsuits filed by customers over a security breach, which allowed hackers to access credit card information and other data on at least 56 million credit and debit cards used at stores nationwide. 

The Home Depot settlement should resolve the mounting litigation the company has faced since it was discovered that hackers gained access to data between April and September 2014.

More than 50 lawsuits, both individual and class action, were filed against the home improvement store chain for failing to protect consumer data. Plaintiffs included customers and some financial institutions.

In December 2014, the U.S. Judicial Panel on Multidistrict Litigation consolidated all of the Home Depot security breach lawsuits in the U.S. District Court for the Northern District of Georgia before Judge Thomas W. Thrash, Jr. for pretrial proceedings.

The Home Depot security breach settlement agreement will require the company to pay $13 million to consumers who lost money and suffered out-of-pocket losses due to the breach. The other $6.5 million will be used to provide 18 months of identity theft protection for those consumers involved in the class action.

Home Depot has apologized for the incident and said that it has installed new technology to better protect customer financial data. The company denied that the malware had been used before against other companies.

While Home Depot has said that the hackers did not obtain customers’ PIN numbers, the stolen credit card information has already appeared on websites known to traffic in stolen consumer information, the lawsuits claim.

The company has reportedly spent about $261 million on the legal and other costs from the security breach, only $100 million of which was covered by its insurers.