Home Depot faces dozens of lawsuits

 By Tom Murphy

AP Business Writer
 
Home Depot faces at least 44 lawsuits in the United States and Canada over a massive data breach earlier this year that affected 56 million debit and credit cards.
 
The nation’s biggest home improvement retailer said this week in a regulatory filing that several state and federal agencies also are looking into the data breach and it may face more litigation from customers, banks, shareholders and others.

Home Depot said the litigation and the investigations may distract management and affect how it runs its business. It also could lead to additional costs and fines. But those expenses aren’t clear yet because the cases are in early stages, the company said in a quarterly filing with the Securities and Exchange Commission.

The company said earlier this month after announcing third-quarter earnings that it anticipates a fourth-quarter breach-related expense of about $27 million, but only about $6 million after insurance.
Home Depot has a $100 million insurance policy for breach-related expenses. That comes with a $7.5 million deductible.

The Atlanta-based retailer disclosed the months-long breach of data in September. It has said that the hackers initially accessed its network in April with a third-party vendor’s username and password. Hackers then deployed malware on Home Depot’s self-checkout systems to gain access to the card information of customers who shopped at its U.S. and Canadian stores between April and September.

Home Depot’s breach surpassed Target’s pre-Christmas 2013 data theft, which compromised 40 million credit and debit cards and hurt sales and profits. Since late last year, Michaels, SuperValu
and Neiman Marcus have been among a string of retailers that have also reported breaches, though they were smaller.

Home Depot has since said that hackers also stole 53 million email addresses.

The company said in its filing on Tuesday that it has since completed a major security improvement. Its new security scrambles raw card information to make it unreadable to unauthorized users.
The security project has been completed in U.S. stores.