The Home Depot Inc (NYSE:HD) agreed to settle a class action lawsuit filed by consumers in the United States in connection with the data breach of the company’s payment systems in 2014. Around 53 million cardholders were affected by the data breach.
The home improvement retailer previously disclosed that people who used their payment cards on self-checkout terminals in its stores in Canada and the United States between April and September 2014 were affected by the data breach.
According to Home Depot, the hackers used a vendor’s username and password to access the company’s computer network. The hackers accessed the payment card information of hackers using a custom-built malware.
Home Depot agreed to $19.5 million to settle the case
The terms of the preliminary settlement were disclosed in a filing with the federal court in Atlanta on Monday. Home Depot is based in the city.
The home improvement retailer agreed to pay at least $19.5 million to settle the case. The settlement includes $13 million, which will be used to reimburse shoppers for their out-of-pocket losses and $6.5 million for 11/2 years identity protection services for cardholders.
In addition, Home Depot agreed to improve its data security for two years and to hire a chief information security officer to supervise its progress.
The home improvement retailer will also pay the legal fees and related costs for affected consumers separately. Court papers showed that the legal fees and costs for lawyers could exceed $8.7 million.
Most expeditious path
Home Depot settled the lawsuit but did not admit any liability or wrongdoing. The settlement agreement is still subject to the approval of the court.
“We wanted to put the litigation behind us, and this was the most expeditious path. Customers were never responsible for any fraudulent charges,” said Stephen Holmes, the spokesman for Home Depot.
The lawyers representing consumers said the settlement compared “favorably” with other class action lawsuits including the one involving Target Corporation (NYSE: TGT), which agreed to a $10 million settlement over a 2013 data breach that affected at least 40 million cardholders.
According to the company, it booked $161 million of pre-tax expenses related to the data breach including consumer settlement and after accounting for expected insurance proceeds.