Atlanta-based Home Depot expressed their willingness to pay up to $19.5 million to settle a class-action lawsuit raised by shoppers who were affected by the terrible and massive security breach. The breach exposed confidential credit card information of customers.
The breach happened between April and September of 2014 and involved hackers using custom-built malware to steal the credit card information of 56 million Home Depot customers.
According to CNET, "hackers worked their way through Home Depot's network to insert the malware on the retailer's self-checkout machines in the US and Canada, where the credit card information was exposed." The credentials were stolen using a third-party vendor.
The offer made by the home-improvement retailer include a $13 million fund that would be used to compensate customers. This fund would also pay customers for their "out-of-pocket expenses". The fund's balance would be used to pay legal fees and other associated expenses.
The settlement offer is still subject court approval. "We're working to put the litigation behind us, and this was the most expeditious path," said Stephen Holmes, a Home Depot spokesman.
The settlement also does not cover other pending lawsuits from financial institutions.
Home Depot also assured the public that it would come up with new data security measures that would not only protect its customers' personal and financial information but also that of the company as well
Another company that suffered severe damage was retail giant Target in 2013. The breach caused the exposure of credit card data of 40 million Target customers and the personal information of an additional 70 million customers. Target offered $10 million to settle the resulting class-action lawsuit.
Home Depot was not the only company that fell victim to this hacking spree. During that year, there were at least 1,500 data breaches worldwide. This number is 50 percent higher from that of 2013.