The Home Depot recently reached a multi-state agreement which settles an investigation into a 2014 data breach. The data breach compromised payment card information of roughly 40 million customers.
The company will pay a total of $17.5 million to 46 U.S. states and the District of Columbia. It has also agreed to strengthen its information security program through a series of steps, which must be done within 180 days of the agreement.
In 2014, hackers accessed the company's network and installed malware to the self-checkout point-of-sale system. This allowed the attackers to steal payment card information of customers who used self-checkout lanes between April and September of that year.
New York Attorney General Letitia James was the one to announce the agreement with The Home Depot. She shared her thoughts regarding the data breach:
"New Yorkers have every reasonable expectation that their personal financial information will remain private and protected. Instead of building a secure system, The Home Depot failed to protect consumers and put their data at risk. My office is committed to protecting consumers, which is why we will continue to use every instrument in our toolbox to hold accountable companies that fail to safeguard personal information."
Of the $17.5 million the company has agreed to pay out to the affected states, nearly $600,000 will go to the state of New York.
If you wish to read the settlement between The Home Depot and the State of New York in its entirety, here is the official settlement.