PHOENIX -- On Tuesday, Arizona Attorney General Mark Brnovich announced that The Home Depot, Inc. agreed to pay Arizona over $265,000 to resolve allegations stemming from a 2014 data breach that compromised roughly 40 million credit and debit cards nationwide.
The Arizona Attorney General’s Office said in a news release that the settlement is part of a larger $17.5 million settlement with 46 states and the District of Columbia.
In addition to the payment, the AZ AG's office said Home Depot has agreed to a series of data security and good governance provisions designed to strengthen its practices going forward.
The AZ AG's office said on September 8, 2014, Home Depot disclosed that cyber attackers gained access to its corporate network. This allowed the hackers to upload malware to at least 7,477 Home Depot self-checkout systems. The malware collected payment card information and sent it to the attackers, compromising approximately 40 million credit and debit cards nationwide.
“With our reliance on technology and the internet, protecting consumer data and information is more important than ever,” Brnovich said. “My office will continue to ensure that businesses take all necessary precautions to prevent data breaches and safeguard customers’ personal information.”
Under the settlement, Home Depot agreed to implement a comprehensive information security program, including regular security reporting to the Board of Directors and providing security awareness and privacy training to employees. As well as specific security requirements with respect to segmentation, logging and monitoring, access controls, password management, two-factor authentication, file integrity monitoring, firewalls, encryption, risk assessments, penetration testing, intrusion detection and vendor account management. Finally, it agreed to have third-party security assessments and audits for three years.
The AZ AG's office said Home Depot previously offered one year of credit monitoring to all affected U.S. individuals.