The home improvement retailer, Home Depot, has agreed to pay at a minimum $19.5 million to compensate consumers affected by the 2014 data breach.

Home Depot filed its preliminary settlement on Monday at a Federal Court in Atlanta where the company is based.

$13 million will be allocated to reimburse consumers for out-of-pocket losses, and at least, $6.5 million will be used to fund 1-1/2 years of identity protection services.

This breach affected U.S. and Canada consumers who swiped their payment cards at the self-checkout POS terminals between April & September 2014.

The company claims an intruder has able to successfully infiltrate the computer network by using a vendor username and password. The attacker was then able to use custom-built malware to access Home Depot shoppers’ payment card credentials.

Among those affected include 40 million individuals who had their payment card data stolen and 52 million people who had their email addresses stolen.

The Home Depot data breach was one of the first notorious breaches to nearly cripple the retail industry, alongside the almost infamous Target breach back in 2014. POS terminals have continuously proven to be the easiest target for cyber criminals. The sensitive information stored on these devices is far too sensitive to leave unprotected without defense measures implemented.

The Home Depot breach could have been easily avoided by implementing a hardened build standard with precision change detection (the PCI DSS recommends using the CIS Benchmarks as the best hardening standard to adopt). Hardening coupled with breach detection technology (FIM-based Host Intrusion Detection system or HIDS), would ensure that, even if a breach was successful, at least you would be alerted to the issue immediately and be in a position to take action to prevent any card data loss.

In a world of constantly emerging threats, security is a tough job – but the concepts of best practice have been devised for a reason.  The challenge for organizations is to attain that balance between unworkable change control practices and an anarchic environment that provides ample opportunities to hide. Closing the loop on change control delivers that vital visibility of all integrity changes but with just a fraction of the noise generated by traditional FIM implementation, enabling organizations to have far more confidence both in the validity of alarms and their ability to investigate and disarm.


Read this article on Reuters



The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)

[email protected]

United Kingdom

5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023

 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2023, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.