Unless you're a regular Home Depot shopper, you may have missed the fact that back in 2014, the company was the victim of a successful hacking attack that saw malware installed on the company's POS (Point of Sale) system.
The attack allowed them to collect more than 40 million records belonging to customers in both the US and Canada.
As a consequence of the hack, a total of 46 states, and the District of Columbia filed a lawsuit against the company. That lawsuit has recently been settled, to the tune of $17.5 million, USD. In addition to the fine, the company has been directed to implement a number of improvements to its security system designed to help minimize the risk of their customers in the future.
Massachusetts Attorney General Maura Healey had this to say about the outcome:
"Retailers must take meaningful steps to protect consumers' credit and debit card information from theft when they shop. This settlement ensures Home Depot complies with our state's strong data security law and requires the company to take steps to protect consumer information from illegal use or disclosure."
Our view is that Ms. Healey overstates the impact of the outcome of the suit. The fine is a pittance, amounting to less than fifty cents per compromised customer record, and any company interested in staying in business in this day and age shouldn't need to be named in a lawsuit to follow current IT Security Best Practices.
Even so, the resolution of the lawsuit has resulted in some positive changes, although they are too late to make a difference for the 40 million customers already impacted.
These kinds of issues are happening with increasing frequency, and that's not going to change until companies everywhere, of all shapes and sizes, get more serious about protecting their customers' data. What's the state of your company's security? If you're not sure, there's no time like the present to review it carefully.