Home Depot Hack Builds Case for Cyber Security

December 20, 2016

Home Depot Hack Builds Case for Cyber Security

2 Minute Read

High profile cyber breaches highlight the return on investment cyber security programs bring to businesses.

Partner, National Leader, Cyber Security

As the holiday season nears its peak shopping period, businesses with point-of-sale systems should be on red alert to prevent data breaches. The highly publicized attacks on Home Depot stores, where millions of credit card numbers and PINs were stolen over a period of six months, still reverberate throughout the retail sector.

If a data breach can happen to huge corporations like Home Depot, it’s almost certain it can happen to any enterprise or organization. But a recent court case around the Home Depot breach in Ontario shows how taking responsibility and swift action can make a difference.

When the attack was discovered in September 2014, the corporation acknowledged its systems were “desperately out of date.” It added a remediation plan had been in the works, but the directors had been too slow to implement it.

Class Action Suit

Two years later, in November 2016, the Ontario Superior Court of Justice approved a settlement agreement in a civil class action against Home Depot, reducing the amount settled on to $400,000 from more than $1 million. The unique approval was due to two primary issues. The judge determined there was no evidence the plaintiffs had suffered fraudulent charges or risked identity theft because of the breach, therefore there were no damages.

The second decisive factor was Home Depot’s response after the data breach, thought to be as a result of a third-party failure. The corporation issued a public response as soon as the attack became evident, contacting customers through emails and offering free credit monitoring and identity theft insurance. Canadian Justice Perell remarked the corporation’s response was “responsible, prompt, generous and exemplary.”

Lessons Learned

Prevention is better than a cure but having a plan in place to deal with a cyber incursion can mitigate the impact. This is of particular importance as amendments to Canada’s Digital Privacy Act are set to be enacted in 2017, along with hefty fines for non-compliance. Here are four key take-aways from the Home Depot case:

  • Your company or organization’s cyber security system will be breached. It’s a matter of when, rather than if.
  • Assess your cyber security systems appropriately, for both internal and third-party risks, such as suppliers, contractors and clients.
  • Proper controls, policies and procedures in place enable quick response, reduce losses and can protect your organization’s reputation.
  • Never doubt the return on investment for an up-to-date, comprehensive cyber security program.

The Home Depot case was in direct contrast to Yahoo, which in mid-December 2016 acknowledged a billion user accounts had been hacked as far back as 2013 and that earlier hacks happened in 2012. The disclosure impacted the $4.8-billion sale of Yahoo’s core business to Verizon Communications, which said it might seek to renegotiate the terms since the scale of the hacking hadn’t been disclosed before the deal was struck.

Big corporations have deep pockets to rebound from data loss and law suits. Does your business?

For more information, contact Danny Timmins, National Cyber Security Leader, at 905.607.9777 or [email protected]


  • Agility

    May 17, 2022

    The power of putting people first

    For your organization to thrive in a modern and competitive workforce, you may need to shift your mindset and your approach towards employee satisfaction.

  • Agility

    May 13, 2022

    [Listen] Digital transformation and the path to stronger, safer, and more efficient cities

    Digital Services partner Wendy Gnenz visited Municipal World’s MW Presents Podcast to discuss how technology is shaping the present and future of Canadian municipalities.

  • Agility

    May 13, 2022

    Real estate and construction: Insights from Federal Budget 2022

    The Federal Budget 2022 proposed a number of business and personal tax measures that will impact the real estate and construction sector. Melissa Aveiro, MNP’s Real Estate and Construction tax lead, discusses what the 2022 Federal Budget addressed – and what it did not.