(Reuters) – Home Depot Inc., the largest home improvement retailer in the United States, reached a $ 17.5 million deal on Tuesday to solve a multi-piece probe into a 2014 data breach in which hackers gained access to debit card data such as belongs to 40 million customers.  The settlement with 46 US states and Washington, DC, stemmed from an infringement between April 10, 2014 and September 13, 2014, affecting customers who used self-cash terminals in their US and Canadian stores.
Hackers used a provider's username and password to infiltrate Home Depot's network and distributed customized malware to gain access to customers' debit card information.
The Atlanta-based retailer previously said that at least 52 million people also had their email addresses exposed and partially overlapped those whose credit card information was compromised.
Home Depot did not acknowledge responsibility when it agreed to the settlement, which requires it to hire an information security manager and upgrade its security procedures and training.
The probe was led by Connecticut, Illinois and Texas.
Companies that collect sensitive personal information from customers "have an obligation to protect this information from illegal use or disclosure," Connecticut attorney general William Tong said in a statement. "Home Depot failed to take these precautions."
In a statement, Home Depot said that security is a top priority, and that since 201
Home Depot had previously recorded $ 198 million in advance expenses for the violation and resolved disputes from customers, card issuers and banks claiming that they were damaged. Catalog