Home Depot Will Pay Up To $19.5 Million For Massive 2014 Data Breach (csoonline.com)
itwbennett writes: In remedy for the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services. And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer.
Only 19 million? (Score:5, Insightful)
Sorry we let criminals get your card info. Here's thirty cents.
Cut me a check? (Score:3)
I've been a victim of so many data breaches I now have three different Experian and LifeLock memberships courtesy of various companies and give agencies who mishandled my vital particulars. I really don't need another one. I only accept these now because I think data mismanagement is a crime and since they won't be prosecuted they at least need to feel the sting in their wallet. But as long as they are paying, give me the cash, not Experian.
Re: (Score:2)
About a year ago after the Target breach I went through the effort of locking my credit report at the 3 major agencies.
Now, in theory, I don't have to worry about someone opening new lines of credit in my name.
It cost me a total of about $30 (10/agency).
so obvious i won't even use 3.??? step. (Score:2)
1. pay big store CEO or CTO a bribe of $1b
2. he finds a 'data-breach'
3. big store pays up $1b, not in fines, but purchasing useless protection from your company
4. PROFIT! (you get your $1b back plus free users who may renew subscription plus free publicity.)
nobody is safer with those companies. you, at best, will save a few days with a false bad credit if it happens to you. but you will still experience a few days and will still have to make tons of phone calls.
Re: (Score:2)
Re:Only 19 million? (Score:5, Insightful)
Oh, no, the lawyers will surely get a bigger cut than that.
Meanwhile at the IRS (Score:3)
When the IRS let criminals get your data [slashdot.org], no one faced any consequences at all.
Re: (Score:3)
One 2x4 for every customer...
That would be fine if we get to hit the criminals with it.
Agreed to hire CSO? (Score:3)
That's a Long Time!!! (Score:5, Insightful)
18 free months of credit protection! Awesome. Home Depot really took it on the chin there, just like all the other leakers!!!
Doesn't everyone's SSN and mother's maiden name change every year or so? 18 months should totally cover that. Why just last week I got my new SSN! I think my mother's maiden name is up for renewal pretty soon as well as my address, address history, bank account numbers, and mortgage. 18 months? No sweat. I'm protected!
Re: (Score:2)
Err... We're not the ones with cookie notification laws, a right to be forgotten, and strange laws on how you can and can not collect information. I know it's fun to bash the US but that doesn't really make a whole lot of sense to me.
Comment removed (Score:4, Interesting)
Re: (Score:2)
a physical token, because nobody has ever gotten away with stealing bitcoins.
Re: (Score:2)
The problem is not the unique identifier use of the SSN.
The problem is that it is mistakenly used for authentication in some systems.
The number should only be used to correlate you to a record (like an e-mail address). To utilize the data in that record a second factor needs to be used for authentication (password, government issued ID, etc).
Re: (Score:2)
Is there any reason you can't change your SSN and mother's maiden name every year? Aside from the hassle, most places just use that as some memorable information rather than as a key to link to other databases, so it doesn't matter if you lie.
Re: (Score:2)
In the case of the SSN, there are some restrictions [ssa.gov]
Re: (Score:3)
Ok... I've got to ask... why have you been entering your SSN and mother's maiden name into Home Depot's payment terminals?
Seriously, their payment terminals were compromised... what information do you think was actually stolen exactly??
so it goes (Score:3)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Yeah, as a matter of fact, there is probably a Lowes or Menards right across the street...
Talk about a slap on the wrist (Score:4, Insightful)
the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services.
So they are paying $0.35 per affected customer. That my friends is the very definition of a slap on the wrist.
Re: (Score:3)
Home Depot is doing fine (Score:5, Insightful)
I can't imagine Home Depot still being in business 10 or 15 years from now.
Really? I can't imagine them not being around. Home Depot made $7 billion on $85 billion in sales last year. There is nothing on the market that is going to replace them soon. They're not really vulnerable to Amazon for much of what they sell (can't ship lumber UPS) and the local mom and pops are too specialized or too small to compete effectively.
Walking through Home Depot reminds me of every retail chain 6 months before filing for bankruptcy.
I'm in Home Depot's routinely and you have a very different impression from me. Sure it looks like a warehouse but that's actually on purpose. Their founder designed it that way. It's not supposed to look like an Apple Store. Their founder reportedly drove a forklift around their first store just before it opened trying to get scuff marks on the floor - on purpose.
Home Depot reminds me of Radio Shack circa 2010.
Umm, yeah... no. The two are nothing like each other.
Prices are the same between Lowes and Home Depot (Score:4, Insightful)
Lowes and Menards are better, cheaper, and have already replaced many Home Depot locations.
Lowes is in no way, shape or form cheaper than Home Depot. There is very little difference in price between the two on average and I shop in both routinely. There is also plenty of evidence of people price comparing the two (spend two seconds on Google looking) and they almost always come out pretty close in price. You might find a deal in one or the other but if you think Lowes is cheaper you are not basing that on objective evidence.
You can get better prices than either sometimes going to specialty stores but whether that is worthwhile depends on how much running around you plan to do.
I can't speak for Menards as there isn't one near me but I'm dubious their prices are meaningfully less.
Re: (Score:2)
In Northeast Ohio there is no significant difference between Home Depot and Lowe's.
Menard's just opened up a few locations, and a) everything is new and pristine, and b) they're trying to make a good impression so the stores are both beautiful and adequately-staffed (established stores will have low-ball their staffing numbers on the basis that people will wait two minutes while you finish with the other guy, new stores need to make a perfect impression so they pay top dollar to make sure you'll be able to
Re:I'm sure they'll be out of business soon enough (Score:4, Informative)
Home Depot is actually much larger than the warehouse you visit - they're a literal supply chain. There are contractor versions of Home Depot ("HD Supply" - guess what HD stands for?) whose sole purpose is to supply all the contractors with stuff, kinda-sorta like Costco, but also a one-stop shop for materials and everything.
Sure, you can find better - you can go to a local nursery for better plants, a lumber yard for better lumber, etc., but building contractors don't typically want to make 100 stops for all their supplies. If they need more than a few cords of lumber they might contract with a lumber yard for that, but basic supplies they will do it at Home Depot or the contractor store. And yes, in a pinch, they will also go to Home Depot to pick up supplies - again, because they can make one stop to do it.
Re: (Score:2)
The thing about contractors is they are businessmen, paying their guys (or "guyses" as several of ours like to put it) hourly.
If they get to the job-site and a bunch of little shit is needed they aren't gonna pay their guyses to sit on their asses bullshitting about the Browns for three hours while the boss makes stops at a half-dozen specialty stores. They'll show up at the nearest Home Depot or Lowe's, buy everything, get their guyses started, and then maybe head to a specialty store for that one damn th
Re: (Score:2)
As a Home Depot employee, I really don't think you understand the business model. Lumber/drywall/concrete/etc. are not there to dominate the homeowner's market, they are there to dominate the contractor's market. Thus that department always looks like shit (not like shit would cost money), the product is not replaced if it's got damage a contractor wouldn't care about because he's about to paint it, and it's all sold at actual cost. Plants are the responsibility of a local partner (in Ohio they're called "G
Re: (Score:2)
people are not gonna suddenly decide to buy nails on Amazon.com and then go to Home Depot for the lumber whenever the package arrives.
I have done exactly this.
Re: (Score:2)
people are not gonna suddenly decide to buy nails on Amazon.com and then go to Home Depot for the lumber whenever the package arrives.
I have done exactly this.
That's unusual. Partly because very few people think of projects as something you stockpile shit for, and partly because you might go to Home Depot and find out your whole plan won't work because nobody in Northeast Ohio stocks that kind of Fence Panel in December, and you've got to a) wait until March, b) pay to have multiple 40-lb fence panels shipped to Cleveland, or c) switch over to chain link fence and have to get a whole new set of fasteners.
It could become more common, and if anybody has tried that
Re: (Score:2)
Home Depot is more for small general contractors than anyone else.
I doubt that even 1/4 of their business is from individual home user sales.
40% is attorney's fees (Score:2)
So the purpose of cases like this is not *really* to get money back, so much as it is to fine a company for something that should never have happened and maybe make them take a corrective step or two... but legal fees were around 8 million bucks.
Which is kinda silly, because it was pretty obvious from the get-go that a company that loses data on 56 million payments sure as hell screwed up.
Re: (Score:1)
Greedy/incompetent/careless corporations?
Greedy lawyers?
Greedy executives, who still get their golden parachute even after f***ing up a company?
Greedy/moronic politicians?
Notice any similarity in those choices? Greed, the root of all evil.
Re: (Score:2)
Yes?
Re: (Score:2)
So who is screwing up America faster? Greedy/incompetent/careless corporations? Greedy lawyers? Greedy executives, who still get their golden parachute even after f***ing up a company? Greedy/moronic politicians? Notice any similarity in those choices? Greed, the root of all evil.
*grabs thesaurus and looks up synonyms for Greed*
Huh, that's odd. Under the United States subcategory, it merely says Capitalism.
I wonder why...
Boy do I feel more secure. (Score:2)
"And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer."
Wow, Golly Gee. A Chief Information Security Officer!!! That should do the trick right there.
Am I the only person on this planet that thinks that our current public communications and computing technology is completely incapable of securing anything?
I further think that the proposed solutions -- complex unique passwords, multi-factor authentication, BioID, ( http://www.discovery.com/tv- [discovery.com]
Re: (Score:1)
No.
Re: (Score:2)
"And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer."
Wow, Golly Gee. A Chief Information Security Officer!!! That should do the trick right there.
Am I the only person on this planet that thinks that our current public communications and computing technology is completely incapable of securing anything?
I further think that the proposed solutions -- complex unique passwords, multi-factor authentication, BioID, ( http://www.discovery.com/tv-sh... [discovery.com] ) etc aren't going to work. Anybody with me on that?
And I think that, yes, all that is likely to be a bit of a societal problem. Anybody else?
You're exactly right. It is impossible to secure anything.
All you can do is mitigate the risks as best you can.
A slap on the wrist like this does very little to increase the risks to companies.
They would take the low penalty rather than invest even more money in securing things to the level we are capable of (even that isn't 100% obviously).
Financial risks are all a company cares about, after all.
Coming soon to Home Depot.... (Score:2)
Higher Prices to punish customers.
Lawyers get rich as fuck, scam "credit monitoring" companies get rich as fuck. Consumers just get fucked.
Re: (Score:3)
No, it hasn't. Not even close to the 56 MILLION payment cards affected by Home Depot's breach.
The IRS has said roughly 700,000 people, or 0.013% the number Home Depot let loose, were affected by their breach.
Target had 40 MILLION people affected by their breach in 2013.
So no, the IRS was not hacked worse, not in any fantasy world you can conceive. Not even in the same galaxy by comparison.
Re: (Score:2)
Which hack was worse? Hard to say.
With the IRS hack they got 700k complete sets of tax info, including SSNs, allowing them to acquire hundreds of millions in fake refunds in those 700k names; and also allowing all kinds of interesting shenanigans with identity theft. As a guy who works as a tax preparer during the season, I guarantee 100% of those 700k had at least one, and probably 2-3 really fucking bad days due to that breach.
OTOH, as one of the 56 million my bank re-issued my Credit Card before anybody
new kitchen (Score:2)
Cheap-o Credit Monitoring Inc. (Score:1)
This is the second (perhaps third) data breach article that quotes an insanely low credit monitoring cost.
Do the math: 56m cards @ 6.5m dollars for 18 months --> 0.006 dollars per card per month.
What kind of credit monitoring do you get for half a penny a month?!?
I had my card used... (Score:2)
Punishing the victim (Score:2)
Home Depot is as much a victim as customers. This incident is costing them millions, even without the lawsuit settlement.
Sure, businesses should beef up security. But if your local hardware store is robbed, and the burglars got in because the store didn't have bullet-proof glass windows, nobody sues the store owners, they look for the thieves and try to bring them to justice.
No matter what kind of security is employed by Home Depot or anyone else, criminals will find ways to get in. Let's not punish the