Home Depot Settles Major Data Breach Suit with Financial Institutions for $25 Million
Client Alert | 1 min read | 03.13.17
On Wednesday, in one of the most high-profile data breach settlements to date, The Home Depot agreed to pay $25 million to settle a consolidated class action involving more than 60 nationwide financial institutions harmed by the retailer’s September 2014 data breach. That month, the home improvement giant announced that hackers had installed malware on Home Depot’s checkout kiosks and, over a five-month period, stolen credit card information of more than 56 million shoppers. Immediately thereafter, financial institutions filed more than 25 suits seeking compensation for reissuance fees and fraudulent transaction reimbursements, suits that were then consolidated before a federal court in Atlanta.
The agreement requires the retailer to establish a $25 million settlement fund to reimburse financial institutions for the reissuance of credit cards compromised by the data breach. The Home Depot has also agreed to a series of additional security measures, including implementing new safeguards developed through a risk exception process and enacting new vendor security programs.
Prior to Wednesday’s announcement, The Home Depot had already spent more than $140 million to settle claims by many of the nation’s large credit card issuers – including MasterCard, Visa, American Express, and Discover – for damages sustained in this breach.
Contacts

Partner and Crowell Global Advisors Senior Director
- Washington, D.C.
- D | +1.202.624.2698
- Washington, D.C. (CGA)
- D | +1 202.624.2500
Insights
Client Alert | 2 min read | 07.15.26
CMMC Phase II Suspension Requires Reconsideration of Such Requirements in Solicitations
As discussed in more detail here, the U.S. Department of War (DoW) recently issued a memorandum (Memo 26-P-1023, dated July 13, 2026) directing the immediate suspension of Cybersecurity Maturity Model Certification (CMMC) Phase II requirements. Significantly, the memo directs that “all pending and future CMMC implementation milestones across DoW solicitations and contracts are held in abeyance until further notice.” Moreover, the DoW issued a memorandum on implementing these requirements (available here), directing agencies to issue amendments removing CMMC Level 2 and 3 requirements from active solicitations “as soon as practicable.” Contractors should monitor the government’s compliance with this requirement and should be prepared, if needed, to file a bid protest to protect their rights.
Client Alert | 3 min read | 07.13.26
Amici Rally Behind Liberty Global, Urging Tenth Circuit to Rein in Economic Substance Doctrine
Client Alert | 2 min read | 07.13.26
Department of War Immediately Suspends CMMC Phase II Requirements, Launches 60-Day Reform Review
Client Alert | 3 min read | 07.10.26
