Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Businesses Crime Privacy Security The Almighty Buck

Home Depot Will Pay Up To $19.5 Million For Massive 2014 Data Breach (csoonline.com) 66

itwbennett writes: In remedy for the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services. And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer.
This discussion has been archived. No new comments can be posted.

Home Depot Will Pay Up To $19.5 Million For Massive 2014 Data Breach

Comments Filter:
  • Only 19 million? (Score:5, Insightful)

    by Fwipp ( 1473271 ) on Wednesday March 09, 2016 @11:05AM (#51666083)

    Sorry we let criminals get your card info. Here's thirty cents.

    • More like two bits. As in "two bit ..."
    • by halivar ( 535827 ) <bfelger@gmai l . com> on Wednesday March 09, 2016 @11:30AM (#51666257)

      Oh, no, the lawyers will surely get a bigger cut than that.

    • When the IRS let criminals get your data [slashdot.org], no one faced any consequences at all.

  • by sinij ( 911942 ) on Wednesday March 09, 2016 @11:09AM (#51666109)
    Agreed to hire CSO? Did they also agreed to stop using stone tools and clay pots as part of their core business process? Just asking to make sure.
  • by moehoward ( 668736 ) on Wednesday March 09, 2016 @11:11AM (#51666119)

    18 free months of credit protection! Awesome. Home Depot really took it on the chin there, just like all the other leakers!!!

    Doesn't everyone's SSN and mother's maiden name change every year or so? 18 months should totally cover that. Why just last week I got my new SSN! I think my mother's maiden name is up for renewal pretty soon as well as my address, address history, bank account numbers, and mortgage. 18 months? No sweat. I'm protected!

    • Comment removed (Score:4, Interesting)

      by account_deleted ( 4530225 ) on Wednesday March 09, 2016 @12:31PM (#51666731)
      Comment removed based on user account deletion
      • by jsepeta ( 412566 )

        a physical token, because nobody has ever gotten away with stealing bitcoins.

      • The problem is not the unique identifier use of the SSN.

        The problem is that it is mistakenly used for authentication in some systems.

        The number should only be used to correlate you to a record (like and e-mail address). To utilize the data in that record a second factor needs to be used for authentication (password, government issued ID, etc).

    • by AmiMoJo ( 196126 )

      Is there any reason you can't change your SSN and mother's maiden name every year? Aside from the hassle, most places just use that as some memorable information rather than as a key to link to other databases, so it doesn't matter if you lie.

    • by vux984 ( 928602 )

      Ok... I've got to ask... why have you been entering your SSN and mother's maiden name into Home Depot's payment terminals?

      Seriously, their payment terminals were compromised... what information do you think was actually stolen exactly??

  • by ole_timer ( 4293573 ) on Wednesday March 09, 2016 @11:12AM (#51666137)
    they also announced that your furnace filter will now cost $.03 more to pay for it. so it goes.
    • Um, you can buy everything Home Depot sells from somewhere else. If they choose to raise their prices and hope that they don't lose sales to competition, that's their call.
  • by sjbe ( 173966 ) on Wednesday March 09, 2016 @11:14AM (#51666155)

    the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services.

    So they are paying $0.35 per affected customer. That my friends is the very definition of a slap on the wrist.

    • Comment removed based on user account deletion
      • by sjbe ( 173966 ) on Wednesday March 09, 2016 @01:34PM (#51667189)

        I can't imagine Home Depot still being in business 10 or 15 years from now.

        Really? I can't imagine them not being around. Home Depot made $7 billion on $85 billion in sales last year. There is nothing on the market that is going to replace them soon. They're not really vulnerable to Amazon for much of what they sell (can't ship lumber UPS) and the local mom and pops are too specialized or too small to compete effectively.

        Walking through Home Depot reminds me of every retail chain 6 months before filing for bankruptcy.

        I'm in Home Depot's routinely and you have a very different impression from me. Sure it looks like a warehouse but that's actually on purpose. Their founder designed it that way. It's not supposed to look like an Apple Store. Their founder reportedly drove a forklift around their first store just before it opened trying to get scuff marks on the floor - on purpose.

        Home Depot reminds me of Radio Shack circa 2010.

        Umm, yeah... no. The two are nothing like each other.

      • I can't imagine Home Depot still being in business 10 or 15 years from now. Walking through Home Depot reminds me of every retail chain 6 months before filing for bankruptcy. Lumber is always in bad shape. Overpriced tools. Nursery can't compare to local mom and pop places. The only thing that makes sense to buy from Home Depot are consumables like nails and tape. I can't imagine nails and tape keeping them in business. Home Depot reminds me of Radio Shack circa 2010.

        Home Depot is actually much larger than the warehouse you visit - they're a literal supply chain. There are contractor versions of Home Depot ("HD Supply" - guess what HD stands for?) whose sole purpose is to supply all the contractors with stuff, kinda-sorta like Costco, but also a one-stop shop for materials and everything.

        Sure, you can find better - you can go to a local nursery for better plants, a lumber yard for better lumber, etc.,but building contractors don't typically want to make 100 stops for all their supplies. If they need more than a few cords of lumber they might contract with a lumber yard for that, but basic supplies they will do it at Home Depot or the contractor store. And yes, in a pinch, they will also go to Home Depot to pick up supplies - again, because they can make one stop to do it.

        • The thing about contractors is they are businessmen, paying their guys (or "guyses" as several of ours like to put it) hourly.

          If they get to the job-site and a bunch of little shit is needed they aren't gonna pay their guyses to sit on their asses bullshitting about the Browns for three hours while the boss makes stops at a half-dozen specialty stores. They'll show up at the nearest Home Depot or Lowe's, buy everything, get their guyses started, and then maybe head to9 a specialty store for that one damn th

      • As a Home Depot employee, I really don;t think you understand the business model. Lumber/drywall/concrete/etc. are not there to dominate the homeowner's market, they are there to dominate the contractor's market. Thus that department always looks like shit (not like shit would cost money), the product is not replaced if it's got damage a contractor wouldn't care about because he's about to paint it, and it's all sold at actual cost. Plants are the responsibility of a local partner (in Ohio they're called "G

        • people are not gonna suddenly decide to buy nails on Amazon.com and then go to Home Depot for the lumber whenever the package arrives.

          I have done exactly this.

          • people are not gonna suddenly decide to buy nails on Amazon.com and then go to Home Depot for the lumber whenever the package arrives.

            I have done exactly this.

            That's unusual. Partly because very few people think of projects as something you stockpile shit for, and partly because you might go to Home Depot and find out your whole plan won't work because nobody in Northeast Ohio stocks that kind of Fence Panel in December, and you've got to a) wait until March, b) pay to have multiple 40-lb fence panels shipped to Cleveland, or c) switch over to chain link fence and have to get a whole new set of fasteners.

            It could become more common, and if anybody has tried that

      • Home Depot is more for small general contractors than anyone else.

        I doubt that even 1/4 of their business is from individual home user sales.

  • So the purpose of cases like this is not *really* to get money back, so much as it is to fine a company for something that should never have happened and maybe make them take a corrective step or two... but legal fees were around 8 million bucks.

    Which is kinda silly, because it was pretty obvious from the get-go that a company that loses data on 56 million payments sure as hell screwed up.

    • So who is screwing up America faster?

      Greedy/incompetent/careless corporations?
      Greedy lawyers?
      Greedy executives, who still get their golden parachute even after f***ing up a company?
      Greedy/moronic politicians?

      Notice any similarity in those choices? Greed, the root of all evil.
      • by halivar ( 535827 )

        Yes?

      • So who is screwing up America faster? Greedy/incompetent/careless corporations? Greedy lawyers? Greedy executives, who still get their golden parachute even after f***ing up a company? Greedy/moronic politicians? Notice any similarity in those choices? Greed, the root of all evil.

        *grabs thesaurus and looks up synonyms for Greed*

        Huh, that's odd. Under the United States subcategory, it merely says Capitalism.

        I wonder why...

  • "And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer."

    Wow, Golly Gee. A Chief Information Security Officer!!! That should do the trick right there.

    Am I the only person on this planet that thinks that our current public communications and computing technology is completely incapable of securing anything?

    I further think that the proposed solutions -- complex unique passwords, multi-factor authentication, BioID, ( http://www.discovery.com/tv- [discovery.com]

    • Anybody else?

      No.

    • "And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer."

      Wow, Golly Gee. A Chief Information Security Officer!!! That should do the trick right there.

      Am I the only person on this planet that thinks that our current public communications and computing technology is completely incapable of securing anything?

      I further think that the proposed solutions -- complex unique passwords, multi-factor authentication, BioID, ( http://www.discovery.com/tv-sh... [discovery.com] ) etc aren't going to work. Anybody with me on that?

      And I think that, yes, all that is likely to be a bit of a societal problem. Anybody else?

      You're exactly right. It is impossible to secure anything.

      All you can do is mitigate the risks as best you can.

      A slap on the wrist like this does very little to increase the risks to companies.

      They would take the low penalty rather than invest even more money in securing things to the level we are capable of (even that isn't 100% obviously).

      Financial risks are all a company cares about, after all.

  • Higher Prices to punish customers.

    Lawyers get rich as fuck, scam "credit monitoring" companies get rich as fuck. Consumers just get fucked.

  • So in addition to my 29.99 % interest rate on my HD credit card, I will get a rebate of 35 cents. nice! now lets start planning out my new kitchen
  • by Anonymous Coward

    This is the second (perhaps third) data breach article that quotes an insanely low credit monitoring cost.

    Do the math: 56m cards @ 6.5m dollars for 18 months --> 0.006 dollars per card per month.

    What kind of credit monitoring do you get for half a penny a month?!?

  • I had my card used at a Target in Wilmington DE when I was sitting at my kitchen table in NJ. After a bunch of phone calls from me to my bank, at Target, I realized it wasn't worth the effort to get the police report filed and work through the process just to see the face of the person that used my card. Yes, Target confirmed they had video of the person at the register using my card, and trying to use my card again later. My bank confirmed this card number was snagged in the Home Depot breach. If you w
  • Home Depot is as much a victim as customers. This incident is costing them millions, even without the lawsuit settlement.

    Sure, businesses should beef up security. But if your local hardware store is robbed, and the burglars got in because the store didn't have bullet-proof glass windows, nobody sues the store owners, they look for the thieves and try to bring them to justice.

    No matter what kind of security is employed by Home Depot or anyone else, criminals will find ways to get in. Let's not punish the

You know you've landed gear-up when it takes full power to taxi.

Working...