Home Depot Settles Major Data Breach Suit with Financial Institutions for $25 Million
Client Alert | 1 min read | 03.13.17
On Wednesday, in one of the most high-profile data breach settlements to date, The Home Depot agreed to pay $25 million to settle a consolidated class action involving more than 60 nationwide financial institutions harmed by the retailer’s September 2014 data breach. That month, the home improvement giant announced that hackers had installed malware on Home Depot’s checkout kiosks and, over a five-month period, stolen credit card information of more than 56 million shoppers. Immediately thereafter, financial institutions filed more than 25 suits seeking compensation for reissuance fees and fraudulent transaction reimbursements, suits that were then consolidated before a federal court in Atlanta.
The agreement requires the retailer to establish a $25 million settlement fund to reimburse financial institutions for the reissuance of credit cards compromised by the data breach. The Home Depot has also agreed to a series of additional security measures, including implementing new safeguards developed through a risk exception process and enacting new vendor security programs.
Prior to Wednesday’s announcement, The Home Depot had already spent more than $140 million to settle claims by many of the nation’s large credit card issuers – including MasterCard, Visa, American Express, and Discover – for damages sustained in this breach.
Contacts
Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 4 min read | 05.01.26
Federal Court Blocks Trump Administration Policies Restricting Wind and Solar Permitting
A coalition of regional clean energy trade associations — including RENEW Northeast, Alliance for Clean Energy New York, Southern Renewable Energy Association, and Interwest Energy Alliance — along with the Green Energy Consumers Alliance (GECA), filed suit in December 2025 against the Department of the Interior (DOI), the Bureau of Land Management, the Bureau of Ocean Energy Management, the U.S. Fish and Wildlife Service (USFWS), and the Army Corps of Engineers. The complaint alleged that five agency actions, issued in response to a series of executive orders and presidential memoranda beginning on January 20, 2025, violated the Administrative Procedure Act (APA) by arbitrarily halting or restricting federal permitting for wind and solar energy projects. Plaintiffs sought a preliminary injunction to halt enforcement of these policies while the litigation proceeds. See Renew Northeast, et al. v. U.S. Dep’t of Interior, et al., No. 25-cv-13961-DJC, (D. Mass. Apr. 21, 2026) ECF Dkt. 89.
Client Alert | 2 min read | 05.01.26
New Executive Order Promoting Fixed Price Contracting: What It Means for Federal Contractors
Client Alert | 8 min read | 05.01.26
Pre-Approved: ICO Publishes Guidance on "Recognised Legitimate Interests”
Client Alert | 6 min read | 04.29.26
CMS Seeks to Expand Interoperability Requirements to Drug Pre-Authorization (FAQ)
