Data breaches are beginning to cost companies a lot of money. This isn’t potentially lost revenue or brand damage, which may be hard to measure. This is cold, hard cash.
Home Depot has agreed to pay as much as $19.5 million to compensate consumers for the data breach it suffered in 2014 that affected more than 50 million cardholders. That figure includes $13 million to reimburse customers for losses and $6.5 million for a year and a half of identity protection services. They have also paid out or plan to pay $161 million in total for costs related to the breach.
As part of the settlement, the company agreed to improve data security and hire a chief information security officer (CISO). That’s good. As is common in these cases, the company did not have to admit it did anything wrong. Not good. I understand this is common in these settlements, but I find it unfortunate, since the customers are affected by the negligence of the company. To me this is like saying that if I left my front door open and somebody came in and robbed me, it isn’t my fault. Companies must take data security seriously, but many of them do not even do the basics of locking the front door.