Home Depot breach victims reach $19.5 million settlement

Getty Images

Home Depot has agreed to pay at least $19.5 million to settle consumer lawsuits brought over a massive 2014 data breach that exposed more than 50 million customers’ data, according to multiple reports.

Of the compensation, $13 million will establish a reimbursement fund for affected shoppers. At least $6.5 million will pay for 18 months of identity protection services for breach victims, Reuters reported.

As part of the deal, the home improvement retailer will also bolster its data security program, hiring a chief information security officer to run the efforts.

“We wanted to put the litigation behind us, and this was the most expeditious path,” Home Depot spokesman Stephen Holmes told Reuters. “Customers were never responsible for any fraudulent charges.”

The company agreed to pay legal fees for the affected customers as well. These costs could exceed $8.7 million, according to court papers.

The settlement will add to Home Depot's rising bill from the break. The company said in November it had already incurred $152 million in expenses.

The company is also facing litigation from credit and debit card issuers over the data intrusion.

Home Depot’s settlement follows a similar deal that Target struck last year over litigation related to its own major data breach in 2013. In that agreement, Target settled for a total of $10 million.

Both data intrusions were early examples of the cyberattacks that have plagued the public and private sectors in recent years.

In response, Congress in December approved legislation that provides companies with incentives to share more data on hacking threats with the government.