A Closer Look At The Fallout From The Home Depot Data Breach Data Security Law Blog
Table of Content
Approximately 56 million credit and debit card information was stolen along with 53 million email addresses. At the time, Home Depot's data breach was the largest with the most known data stolen. 's 2013 data breach was even larger, affecting more than 1 billion accounts. The survey found that, in addition to the total cost to cover expenses tied to the incident, the breach had an impact on 7.2 million credit and debit cards issued by credit unions. Unsurprisingly, one of the major fallouts from the data breach has been litigation—lots of it and from different plaintiffs. There are currently three tracks of lawsuits proceeding against Home Depot.
100% of a company's ranking on BestCompany.com is determined by the reviews of its consumers. The Home Depot's investigation, cooperation with law enforcement and efforts to further enhance its security measures are ongoing. The company does not anticipate further updates on the breach outside of its quarterly financial disclosures. At Home Depot, where hackers used malware to collect customer data at cash registers, it reportedly took nine months for the breach to be identified and stopped allowing for the damage to affect millions of customers. To say it is concerning that more than 2,000 data breaches occurred in the first half of 2022 alone would be a dramatic understatement. CWGS Group, the holding company that owns Camping World and Good Sam Club, announced a data breach on November 7, 2022.
View All Financial Services & Investing
A recent eSecurity Planet article offered advice on how to respond to a data breach. Home Depot is also required to appoint a Chief Information Security Officer responsible for oversight of Home Depot’s implementation and maintenance of the information security program prescribed by the Settlement. We're on a mission to empower consumers to make the best decisions and connect confidently with companies that deserve their business. Sign up below to receive a monthly newsletter containing relevant news, resources and expert tips on Identity Theft and other products and services. From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations' risk management capabilities.
In addition, Home Depot agreed to provide increased data security measures for a period of two years. Nussle added that all participants in the payment process have a shared responsibility to protect consumer data. "However, the law and the incentive structure today allow merchants to abdicate that responsibility, making consumers vulnerable," Nussle said. Credit unions responding to the survey have issued a total of 20.1 million cards outstanding, comprised of 14.9 million debit cards and 5.2 million credit cards. The total represents 28.2% of the 53 million debit cards issued by credit unions, 32.5% of the 16 million credit cards outstanding, and 29.2% of the total of 69 million cards outstanding.
Arkansas Health System Discloses Data Breach
An "affected" card is a debit or credit card about which the credit union's processor or network has informed the credit union that the card has been or may have been compromised in the breach. Chris is a corporate attorney and a Certified Information Privacy Professional . He has significant experience handling legal and business issues relating to technology, data privacy and security, brand protection, contract negotiation, licensing, and product development. But credit union officials say the risk to reputations following a data breach is even more burdensome.
The warehouse giant was criticized for not responding to the breach sooner and for taking its time to report the incident to affected customers and the authorities. Additional details indicate that the hacker used stolen vendor credentials to get into Home Depot’s system to install the malware. The total number of affected debit and credit cards at reporting credit unions amounts to 10.3% total cards outstanding at those credit unions. Projecting to the population, we estimate that a total of 7.2 million credit union debit and credit cards were affected by the breach. With data breaches occurring regularly, the costs to credit unions are rising. "The bottom line is that credit union members end up paying the costs, despite the fact that the credit unions they own had nothing to do with causing the breach in the first place," CUNA President and CEO Jim Nussle says.
Anthem Data Breach Exposed 78 Million Records
Last year’s Target data breach cost credit unions $30 million, according to CUNA. JD Sherry, vice president of technology and solutions for Trend Micro, says the costs tied to the breach are not surprising "because organizations are realizing the downstream repercussions of managing and handling the fallout," he says. "Consumers are becoming more aware " as well, he says, which could contribute to an increasing number of calls to credit union help desks and potentially more lawsuits being waged against the breached entity.
Workers were trained to protect equipment and identify phishing and other cyberattack methods. Internally, the company elevated its chief information security officer to senior management so the position could focus solely on data security. To date, Home Depot said it has had $232 million in expenses stemming from the security breach, but experts say that number is likely to grow.
The Settlement also requires that Home Depot operationalize extensive and specific vendor management requirements. On average, it costs $8.02 to reissue a consumer card, according to the survey. Implement NIST's risk management framework, from defining risks to selecting, implementing and monitoring information security controls.
First, in November 2014, consumers began to file suit, and more than forty-four of them were ultimately consolidated in the Northern District of Georgia. The good news for Home Depot is that its legal fight with consumers appears to be coming to an end. Lastmonth, the Court approved a preliminary settlement in which Home Depot agreed to create a $13 million settlement fund to reimburse the class and agreed to spend up to $6.5 million to fund eighteen months of cardholder identity protection services.
Further, the most recent CUNA survey found that – to date -- credit unions have not been reimbursed for the costs they incurred as a result of the Target breach. The Settlement includes not only $17.5 million in monetary payments to the states, but also requires that Home Depot implement a series of information security measures and undertake a number of oversight and reporting obligations. Note that the Settlement is in addition to the estimated more than$180 million in reported payoutsthat Home Depot has already forked over in litigation with customers, card issuers, and banks as a result of the breach. The retailers noted that many in the financial services industry have formed a partnership, led by RILA and the Financial Services Roundtable, to establish a private-public partnership with businesses to share data threat information.
Advocate Aurora Health is a Midwest-based non-profit healthcare provider that serves over 3 million people. It has dual headquarters in Downers Grove, Illinois, and Milwaukee, Wisconsin, and only services the two states. It serves over one billion people yearly, 200 million of these American customers. Attorneys for consumers and the banks countered that Home Depot was negligent in protecting consumer information, despite being warned by workers that its security was inadequate. According to its statement, Home Depot believes it will have a 4.8 percent growth in sales this year, as previously predicted. “Instead of building a secure system, The Home Depot failed to protect consumers and put their data at risk,” New York Attorney General Letitia James said about the 2014 incident.
NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. It is sometimes difficult to find concrete examples from governmental authorities of required or recommended security measures, often leaving businesses unsure of exactly which measures they should implement. This Settlement, on the other hand, provides an invaluable list of security requirements that businesses would be well-advised to consider making part of their information security program. Finally, the Settlement requires that Home Depot provide annual security and privacy training to all personnel whose job involves access to the company’s network or responsibility for customer personal information.
The findings are the result of weeks of investigation by The Home Depot, in cooperation with law enforcement and the company's third-party IT security experts. Companies face myriad and evolving ways their data can be breached, making protecting data akin to a game of whac-a-mole. Once one potential threat is identified, hackers have already begun trying to get through another way. Instead of devoting all their resources to chasing the threats, companies should focus on minimizing the time it takes to identity those breaches, said Brian Foster, chief technology officer at cyber security firm Damballa.
Home Depot also anticipates lawsuits by payment card networks seeking reimbursement for fraud losses and for operating expenses such as the cost of issuing replacement cards. “At this time, the company believes it is probable that the claims will be asserted and that settlement negotiations will ensue, and believes that a loss in connection with these claims is reasonably possible,” the filing states. Individuals have also started taking extra precautions with their personal information by enrolling in identity theft protection programs. If you are one of the millions who have been affected by a data breach, or if you want to protect yourself, check out our top-rated identity theft protection companies.
Comments
Post a Comment