The Home Depot data breach case is closed

After two whole years of investigation into a 2014 security breach that exposed the personal data of 40 million customers, The Home Depot Inc. appears to have finally put the case behind it. The Atlanta-based company has reached an agreement under which it will pay 46 states a total of 17.5 million dollars.

The incident happened in 2014, when hackers gained access to the company's network and deployed malware on an automated purchasing system, which gave them access to the payment card information of customers who used those systems between April 10 and September 13, 2014. The company agreed to implement a series of practices and improvements designed to enhance information security, which, according to the terms of the agreement, must be implemented within 180 days after December 21, 2020.

"The Home Depot has failed to protect consumers and put their data at risk," said New York Attorney General Letitia James, whose state will receive approximately $600,000. The company agreed to undergo an information security assessment after the settlement.

Among the steps that Home Depot must take as a result of the settlement is the appointment of a chief information security officer, who will report to senior executives as well as C-level executives and the board. Officials also agreed to provide appropriate security and privacy training to any employee who has access to the company network or is responsible for consumers' personal data. Other key efforts include software maintenance, ensuring that systems are fully up to date with the latest security measures, and the use of appropriate encryption methods.

To prevent future breaches, engineers are tasked with segmenting the cardholder data environment and mapping the company's network connections to determine how data circulates. In addition to two-factor authentication for system administrator accounts and remote access and "strong and complex passwords", the company must take steps to ensure password rotation, firewalls, file integrity monitoring and payment card security, as well as maintaining the separation of development and production environments.

Logs should also be created to monitor network activity for any device trying to connect to cardholder data. According to the settlement, once the improvements are published, the company will have to undergo annual risk assessments, including documentation of the safeguards implemented.

Absent Mia, https://www.secnews.gr