On November 24, 2020, Home Depot, Inc. and 47 state Attorney Generals reached a $17.5 million settlement regarding a 2014 data breach in which hackers used malware to gain access to the payment card information of nearly 40 million customers who used Home Depot’s self-checkout terminals between April 10, 2014 and September 13, 2014.
Home Depot also agreed to implement numerous data security and data breach protection measures, and indicated that it has spent approximately $198 million on other breach-related expenses, including to resolve litigation with customers, card issuers, and banks allegedly harmed by the breach.