Credit Card Data Breach Results in Multi-State $17.5 Million Settlement

Yesterday, California Attorney General Xavier Becerra announced a $17.5 million multi-state settlement with The Home Depot, Inc. regarding a data breach affecting point-of-sale systems at the retailer's facilities. The breach affected the payment card information of approximately 40 million consumers and 53 million email addresses. The settlement includes both monetary and injunctive relief, pursuant to which the retailer will implement increased security policies and procedures. In announcing the settlement, Attorney General Becerra stated that the retailer had, among other things, failed to "stay apprised of evolving security standards." The settlement is an important reminder of the need for companies to keep abreast of developments in consumer privacy and cybersecurity. Attorney General Becerra joined more than 40 other state attorneys general in securing the settlement. The California case is California v. Home Depot U.S.A., Inc. et al., No. 20-CIV-05220 in the Superior Court of California for San Mateo County. The settlement, which is pending final approval, is available here.