The home improvement supplies retailer that experienced a massive data breach in 2014, resulting in the exposure of more than 50 million customers' personal information, has agreed to pay a settlement of $25 million for damages.
Home Depot is already out roughly $135 million, which it paid in compensation to credit card brands and financial institutions. Home Depot also agreed last year to pay the affected customers around $19.5 million in compensation.
According to Forbes, the cost of Home Depot's breach is currently running at around $179 million, but that figure is expected to rise considerably.
In addition to monetary consequences, Home Depot is also required to improve its cybersecurity implementations, including stricter oversight of its vendors.
Since the breach, Target has made significant improvements to prevent this situation from arising in the future. In fact, Target is the first U.S. retailer to install microchip-enabled card readers at all stores.
Organizations can no longer be ignorant of the reality that they could very well be the next victim of a data breach. They can learn from corporations like Home Depot, which are experiencing the serious financial & legal consequences associated with suffering a data breach. Security is constantly evolving, and staying up to date with the latest threats that could impact your organization could put you one step ahead and could be the difference between a massive data breach and an easy fix.
For example, the Target & Home Depot data breaches could have been easily avoided by implementing a hardened build standard with precision change detection (the PCI DSS recommends using the CIS Benchmarks as the best hardening standard to adopt). Hardening, coupled with breach detection technology (a FIM-based Host Intrusion Detection System, or HIDS), would ensure that, even if a breach was successful, at least you would be alerted to the issue immediately and be in a position to take action to prevent any card data loss.
Read this article on SCMagazine