Home Depot Hack Builds Case for Cyber Security

December 20, 2016

Home Depot Hack Builds Case for Cyber Security

Synopsis
2 Minute Read

High profile cyber breaches highlight the return on investment cyber security programs bring to businesses.

Danny Timmins
Danny Timmins, CISSP
Partner, National Leader, Cyber Security

As the holiday season nears its peak shopping period, businesses with point-of-sale systems should be on red alert to prevent data breaches. The highly publicized attacks on Home Depot stores, where millions of credit card numbers and PINs were stolen over a period of six months, still reverberate throughout the retail sector.

If a data breach can happen to huge corporations like Home Depot, it’s almost certain it can happen to any enterprise or organization. But a recent court case around the Home Depot breach in Ontario shows how taking responsibility and swift action can make a difference.

When the attack was discovered in September 2014, the corporation acknowledged its systems were “desperately out of date.” It added a remediation plan had been in the works, but the directors had been too slow to implement it.

Class Action Suit

Two years later, in November 2016, the Ontario Superior Court of Justice approved a settlement agreement in a civil class action against Home Depot, reducing the amount settled on to $400,000 from more than $1 million. The unique approval was due to two primary issues. The judge determined there was no evidence the plaintiffs had suffered fraudulent charges or risked identity theft because of the breach, therefore there were no damages.

The second decisive factor was Home Depot’s response after the data breach, thought to be as a result of a third-party failure. The corporation issued a public response as soon as the attack became evident, contacting customers through emails and offering free credit monitoring and identity theft insurance. Canadian Justice Perell remarked the corporation’s response was “responsible, prompt, generous and exemplary.”

Lessons Learned

Prevention is better than a cure but having a plan in place to deal with a cyber incursion can mitigate the impact. This is of particular importance as amendments to Canada’s Digital Privacy Act are set to be enacted in 2017, along with hefty fines for non-compliance. Here are four key take-aways from the Home Depot case:

  • Your company or organization’s cyber security system will be breached. It’s a matter of when, rather than if.
  • Assess your cyber security systems appropriately, for both internal and third-party risks, such as suppliers, contractors and clients.
  • Proper controls, policies and procedures in place enable quick response, reduce losses and can protect your organization’s reputation.
  • Never doubt the return on investment for an up-to-date, comprehensive cyber security program.

The Home Depot case was in direct contrast to Yahoo, which in mid-December 2016 acknowledged a billion user accounts had been hacked as far back as 2013 and that earlier hacks happened in 2012. The disclosure impacted the $4.8-billion sale of Yahoo’s core business to Verizon Communications, which said it might seek to renegotiate the terms since the scale of the hacking hadn’t been disclosed before the deal was struck.

Big corporations have deep pockets to rebound from data loss and law suits. Does your business?

For more information, contact Danny Timmins, National Cyber Security Leader, at 905.607.9777 or [email protected]

Insights

  • Performance
    New Brunswick Government Building

    May 06, 2021

    New Brunswick Budget Highlights

    New Brunswick Finance Minister Ernie Steeves tabled the Province’s 2021-22 Budget on March 16, 2020, focusing on addressing public health challenges and supporting the Province’s economic recovery.

  • Performance
    business woman looking out by the window

    May 03, 2021

    Talk to the experts: Protect your business against fraud

    Listen in and find out how to better protect your business against fraud, with Lisa Majeau Gordon, MNP's National Leader of Forensics and Litigation Support.

  • Progress
    Business meeting

    May 03, 2021

    Purchasing a professional practice during a global pandemic

    Tips for navigating the changing world of professional practices from our experienced advisors.