Slashdot Mirror
Home Depot Will Pay Up To $19.5 Million For Massive 2014 Data Breach (csoonline.com)
itwbennett writes: In remedy for the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services. And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer.
Sorry we let criminals get your card info. Here's thirty cents.
One 2x4 for every customer...
Sony got away with that shit, too. And you'll notice they're subscription services that are a pain to cancel later.
The question for the Depot is: why wasn't the data encrypted?
FYI: Sony's 2008, 2011 and 2014 hacks (SQL injections - and not including the embarrassing email dumps), demonstrated Sony don't even hash users' passwords.
Agreed to hire CSO? Did they also agreed to stop using stone tools and clay pots as part of their core business process? Just asking to make sure.
18 free months of credit protection! Awesome. Home Depot really took it on the chin there, just like all the other leakers!!!
Doesn't everyone's SSN and mother's maiden name change every year or so? 18 months should totally cover that. Why just last week I got my new SSN! I think my mother's maiden name is up for renewal pretty soon as well as my address, address history, bank account numbers, and mortgage. 18 months? No sweat. I'm protected!
"If you want to improve, be content to be thought foolish and stupid." - Epictetus
they also announced that your furnace filter will now cost $.03 more to pay for it. so it goes.
nothing to see here - move along
the 2014 data breach that included the theft of data pertaining to about 56 million payment cards, as well as 53 million email addresses, Home Depot has reportedly agreed to pay $13 million to reimburse customers for their losses and $6.5 million to provide them with 18 months of identity protection services.
So they are paying $0.35 per affected customer. That my friends is the very definition of a slap on the wrist.
So the purpose of cases like this is not *really* to get money back, so much as it is to fine a company for something that should never have happened and maybe make them take a corrective step or two... but legal fees were around 8 million bucks.
Which is kinda silly, because it was pretty obvious from the get-go that a company that loses data on 56 million payments sure as hell screwed up.
solar panels? where are the victims?
This is a local company for me. They are always hiring. Revolving door culture in the IT department. Several people left where I work, went there and came back on their knees begging to return. All the usual maladies: offshoring, H1B abuse, cronyism, terrible leaders and managers. This breach is not a surprise at all. Someone forgot to do the needful.
Should be $19.5 billion
You ain't gettin shit!
by theft protection & identity restoration scamsters?
"And while the company was not required to admit wrongdoing, it has agreed to hire a chief information security officer."
Wow, Golly Gee. A Chief Information Security Officer!!! That should do the trick right there.
Am I the only person on this planet that thinks that our current public communications and computing technology is completely incapable of securing anything?
I further think that the proposed solutions -- complex unique passwords, multi-factor authentication, BioID, ( http://www.discovery.com/tv-sh... ) etc aren't going to work. Anybody with me on that?
And I think that, yes, all that is likely to be a bit of a societal problem. Anybody else?
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
Higher Prices to punish customers.
Lawyers get rich as fuck, scam "credit monitoring" companies get rich as fuck. Consumers just get fucked.
Do not look at laser with remaining good eye.
SSN was never intended to be a unique ID for things like credit. Its purpose was for social security. I think it's high time the government funded grants to pay our best mathematicians to come up with a new system. Maybe something involving a physical token. Not sure what such a system would look like, but it's obvious SSN for credit and medical purposes is broken. Hell, SSN isn't even guaranteed to be unique!
So in addition to my 29.99 % interest rate on my HD credit card, I will get a rebate of 35 cents. nice! now lets start planning out my new kitchen
I can't imagine Home Depot still being in business 10 or 15 years from now. Walking through Home Depot reminds me of every retail chain 6 months before filing for bankruptcy. Lumber is always in bad shape. Overpriced tools. Nursery can't compare to local mom and pop places. The only thing that makes sense to buy from Home Depot are consumables like nails and tape. I can't imagine nails and tape keeping them in business. Home Depot reminds me of Radio Shack circa 2010.
When the IRS let criminals get your data, no one faced any consequences at all.
This is the second (perhaps third) data breach article that quotes an insanely low credit monitoring cost.
Do the math: 56m cards @ 6.5m dollars for 18 months --> 0.006 dollars per card per month.
What kind of credit monitoring do you get for half a penny a month?!?
I can't imagine Home Depot still being in business 10 or 15 years from now.
Really? I can't imagine them not being around. Home Depot made $7 billion on $85 billion in sales last year. There is nothing on the market that is going to replace them soon. They're not really vulnerable to Amazon for much of what they sell (can't ship lumber UPS) and the local mom and pops are too specialized or too small to compete effectively.
Walking through Home Depot reminds me of every retail chain 6 months before filing for bankruptcy.
I'm in Home Depot's routinely and you have a very different impression from me. Sure it looks like a warehouse but that's actually on purpose. Their founder designed it that way. It's not supposed to look like an Apple Store. Their founder reportedly drove a forklift around their first store just before it opened trying to get scuff marks on the floor - on purpose.
Home Depot reminds me of Radio Shack circa 2010.
Umm, yeah... no. The two are nothing like each other.
I had my card used at a Target in Wilmington DE when I was sitting at my kitchen table in NJ. After a bunch of phone calls from me to my bank, at Target, I realized it wasn't worth the effort to get the police report filed and work through the process just to see the face of the person that used my card. Yes, Target confirmed they had video of the person at the register using my card, and trying to use my card again later. My bank confirmed this card number was snagged in the Home Depot breach. If you want to make me happy, burn down every other Home Depot store, and jail those responsible for not securing their network at Home Depot. Those people shouldn't be allowed near any technology, then again they never have been. It is almost enough to push me over to the dark side. Maybe I'll swing by next Saturday morning with my spray bottle of Liquid Ass. (read the comments on Amazon).
Lowes and Menards are better, cheaper, and have already replaced many Home Depot locations.
Lowes is in no way, shape or form cheaper than Home Depot. There is very little difference in price between the two on average and I shop in both routinely. There is also plenty of evidence of people price comparing the two (spend two seconds on Google looking) and they almost always come out pretty close in price. You might find a deal in one or the other but if you think Lowes is cheaper you are not basing that on objective evidence.
You can get better prices than either sometimes going to specialty stores but whether that is worthwhile depends on how much running around you plan to do.
I can't speak for Menards as there isn't one near me but I'm dubious their prices are meaningfully less.
I've been a victim of so many data breeches I now have three different experian and life lock memberships courtesy of various companies and give agencies who mishandled my vital particulars. I really don't need another one. I only accept these now because I think data mismanagement is a crime and since they won't be prosecuted they at least need to feel the sting in their wallet. But as long as they are paying give me the cash not experian.
Some drink at the fountain of knowledge. Others just gargle.
I like Lowes better but the selection is 10x better at Home Depot. If the employees didn't suck, I'd go there more often.
1. pay big store CEO or CTO a bribe of $1b
2. he finds a 'data-breach'
3. big store pays up $1b, not in fines, but purchasing useless protection from your company
4. PROFIT! (you get your $1b back plus free users who may renew subscription plus free publicity.)
nobody is safer with those companies. you, at best, will save a few days with a false bad credit if it happen to you. but you will still experience a few days and will still have to make tons of phone calls.
Home Depot is as much a victim as customers. This incident is costing them millions, even without the lawsuit settlement.
Sure, businesses should beef up security. But if your local hardware store is robbed, and the burglars got in because the store didn't have bullet-proof glass windows, nobody sues the store owners, they look for the thieves and try to bring them to justice.
No matter what kind of security is employed by Home Depot or anyone else, criminals will find ways to get in. Let's not punish the victims!