Following one of the biggest retail security breaches of the past year, Home Depot has spent more than $43 million on security investigations during the last trimester alone.
In a statement on Tuesday, the retailer announced that it expects about $15 million of that amount to be reimbursed under a $100 million security breach insurance policy.
The $43 million was spent on security research and investigations into the theft of personal card information from the stores' customers, increased call center costs, and legal and consulting services related to the issue.
The hackers stole about 56 million credit card numbers and 53 million email addresses of Home Depot customers in the USA and Canada in the period from April to September this year. They gained access to the Home Depot network by breaching a retailer’s security credentials.
The company also states that it expects substantial legal and other professional expenses as a result of the breach of its customers' personal information and the stress caused.
Home Depot is currently facing actions in 44 courts in the USA and Canada. It expects further complaints to be filed by customers, credit card issuers, banks and bank investors.
Customers paying with credit cards may require partial reimbursement for the damage done by fraud and for having to reissue their cards. The liability paid will depend on whether the credit cards were compliant with the data security requirements at the time. An independent audit, carried out by one of the credit card issuers, showed that their network security certificate was compliant with the data security standards in 2013. In 2014, when the breach occurred, however, it was still undergoing such certification. The credit card holders in this case will be subject to a smaller liability.
“As a result, the Company believes it is probable that the payment card networks will make claims against it and that the Company will dispute those claims. When those claims are asserted, the Company will have to determine, based on the facts and information then available to it, whether to litigate or seek to settle those claims. At this time, the Company believes it is probable that the claims will be asserted and that settlement negotiations will ensue, and believes that a loss in connection with these claims is reasonably possible,” Home Depot wrote.
All credit card issuers and retailers are required to follow the Payment Card Industry Data Security Standard (PCI-DSS), which sets out the requirements a company should follow when handling non-cash payments. If these were not in compliance with the PCI-DSS, Home Depot might not be responsible for the liabilities.
The PCI Security Standards Council warned that it is not enough for small retailers to undergo certification once a year. Security monitoring should be an ongoing activity in their organizations, or they may fail to be found compliant.