Home Depot Data Breach

2954 WordsFeb 3, 201612 Pages
Home Depot Data Breach Background on the 2014 Home Depot Data Breach Home depot was the target of a cyberattack on their information system infrastructure that lasted from April of 2014 to September of 2014. As a result of the attack and following data breach, 56 million credit-card accounts and 53 million email addresses were stolen. (“Home Depot Hackers Exposed 53 Million Email Addresses”) The cyberattack involved several steps. First, the attackers gained third party credentials allowing them into the system. Next they exploited an unknown weakness in the system that allowed for the attackers to elevate their own access privileges. Finally, they installed malware on Home Depot’s self-checkout systems in the U.S. and Canada, allowing…show more content…
The costs that the company will incur can be broken down into six different categories: investigation and remediation, notification, identify theft and credit monitoring, disruptions in normal business operations, and lost business. Investigation costs involve those related to examining how and why the data was compromised, and remediation costs relate to the costs incurred to set up safeguards. Home Depot’s pre-tax expense relating to investigation and remediation was $43 million in the third quarter of 2014 alone. Notification costs relate to notifying the relevant individuals, regulators, and media personnel. Simply mailing notification letters, at 49 cents per stamp, equates to a $27.44 million expense. Costs relating to identify theft and credit monitoring include the cost of identity theft protection for each of the victims. Assuming $10 per victim, this results in a $560 million cost for Home Depot. Disruptions to Home Depot’s normal business operations include the opportunity cost of the reduced investments in the company’s operations, as well as reduced time on standard business activities. This cost is estimated to be $20 per victim. Home Depot will likely lose business due to customers being scared away, and the related cost is approximately $30 per victim. Finally, lawsuits relating to the data breach are expected to incur $3 billion in expenses for Home Depot. 44 suits have already surfaced since the cyberattack. (“Home Depot: Will
Open Document