This week Home Depot agreed to a $19.5 million settlement, bringing one of the U.S. largest data breach cases to a close. The retail behemoth will compensate 40 million cardholders for a 2014 security compromise that resulted in 50 million credit card numbers and 53 million email addresses stolen.
The unknown attackers used compromised vendor credentials to access and penetrate Home Depot’s corporate network and retail point-of-sale (POS) system. Data breaches involving POS malware are on the rise—in this particular case, attackers deployed POS malware on self-checkout systems to surreptitiously intercept customer credit card numbers and other information.
Cyber attackers have been relentlessly targeting retail chain’s POS systems as of late. During the Target data breach in 2014, hackers were able to install RAM-scraping malware on POS systems and intercept customer card info.
As part of the settlement, the Home Depot admits no wrongdoing or liability in the breach, per court filings with the US District Court for the Northern District of Georgia. The settlement is compromised of over 57 consolidated class-action lawsuits filed against Home Depot in both US and Canadian courts.