Dive Brief:
- Home Depot will pay a minimum of $19.5 million to settle consumer lawsuits filed after a data breach exposed the personal data of more than 50 million of its customers in 2014.
- The settlement also includes a requirement for the company to improve its data security efforts and to hire a chief information security officer.
- The company also agreed to pay legal fees for impact customers, which could could cost more than $8.7 million.
Dive Insight:
As consumer data hacks become more common, consumers are fighting back. Last year, Target settled a similar suit for $10 million following its data breach in 2013. Data breaches and hacks have long term impacts associated not just with the incident, but also recovery costs.
According to Reuters, $13 million of the settlement will be used to create a reimbursement fund for victims of the breach and another $6.5 million will pay for 18 months of identity protection services for them.
"We wanted to put the litigation behind us, and this was the most expeditious path," Home Depot spokesman Stephen Holmes said in an interview with Reuters.
Home Depot is also facing a lawsuit from credit and debit card issuers over the hack. Such lawsuits and settlements can add significantly to the expenses already incurred by a company dealing with a data beach. Before the settlement, Home Depot said the breach had already cost them $152 million.