The cost of the 2014 Home Depot data breach, which affected 56 million credit cards and 53 million emails, continues to rise. Home Depot is facing at least 44 lawsuits, including a class action suit for $500 million. According to first quarter reports for 2015, the costs continue to accumulate for Home Depot.
During its first-quarter earnings report, Home Depot report $7 million in breach-related costs in Q1 2015, putting the total cost so far at over $50 million. The actual cost is higher, but the final cost (so far) to Home Depot includes an insurance payout of approximately $27 million. There is no estimate of the final expected cost related to this data breach, as lawsuits and settlements can drag out for many years.
“Other than $7 million of net breach-related costs contained in the Company’s first quarter fiscal 2015 earnings, at this time the Company is not able to estimate the costs, or a range of costs, related to the breach. Costs related to the breach may include liabilities to payment card networks for reimbursements of credit card fraud and card reissuance costs; liabilities related to the Company’s private label credit card fraud and card reissuance; liabilities from current and future civil litigation, governmental investigations and enforcement proceedings; future expenses for legal, investigative and consulting fees; and additional expenses and capital investments for remediation activities. Those costs may have a material adverse effect on the Company’s financial results in fiscal 2015 and/or future periods.”
Organizations that want to avoid the costly and lengthy process of dealing with a data breach can do a lot to both prevent breaches and to mitigate the fallout if a breach should occur. By implementing a holistic approach to data security that includes people, process and technology, bolstered by persistent technology to prove compliance, . For more on mitigating the costs of a data breach, we encourage you to read How to Defend Against a Data Breach and When Security Breaches Don’t Have to be Reported.