Home Depot let hackers access your credit card info and now it’s going to cost them $17.5 million dollars. Ohio Attorney General Dave Yost announced the company agreed to a settlement. Ohio is one of 47 states that got together to file a lawsuit against the retail giant.
It’s all connected to a credit card breach back in 2014. The company’s lax security exposed the payment card information of 40 million Home Depot customers. Ohio’s share of that settlement is $656,210.31.
“The Home Depot might have the right hardware for customers. But, in this case, it lacked the necessary tools to protect their information,” Yost said. “That’s now going to change with this settlement.”
So how did this breach happen? Hackers managed to get into the company’s network and load malware onto the system. That malware got into their cash registers. If you used a self-checkout lane anywhere in the U.S. between April 10, 2014 and Sept 13, 2014, hackers had access to your bank information.
In addition to the payout to states for the credit card breach, Home Depot agreed to make changes to its security procedures and practices. Among the changes:
- Hire a Chief Information Security Officer to take charge of the company’s security measures.
- Spend the money necessary to upgrade the company’s IT security.
- Train employees on proper security measures and privacy safeguards.
- Put proper procedures for logins, passwords, two-factor authentication, encryption, and other important security measures in place.
Home Depot also agreed to post-settlement security checkups to make sure they’re doing everything they promised.
Other states participating in this settlement include:
- District of Columbia
- New Jersey
- North Carolina
- New Mexico
- New York
- North Dakota
- Rhode Island
- South Carolina
- West Virginia