BALTIMORE, Maryland — Home Depot will pay dearly for not protecting customers’ private information. Maryland Attorney General Brian E. Frosh announced the retailer has agreed to a $17.5 million dollar settlement for a 2014 data breach.

The breach exposed the private credit and debit card information of 40 million Home Depot customers across the United States.

Hackers managed to load malware onto Home Depot’s network. Between April and September of 2014, the criminals were able to access information of customers who used self-checkout lanes all across the United States.

Maryland joined 46 other states to sue the retailer for the breach. 

Improve Security Practices

“Far too often, companies fail to protect consumers’ personal information from unlawful use or disclosure,” said Attorney General Frosh.  “As a result, consumers suffer harm personally and financially.  The data security measures required by this settlement will help protect the personal information of Marylanders and other consumers throughout the country.”

In addition to the settlement, the company agreed to:

  • Hire a Chief Information Security Officer
  • Provide security and privacy training for employees
  • Add specific security safeguards to their network

The company also agreed to undergo a post-settlement evaluation to ensure that they properly implement the new security procedures.