As Home Depot works to shore up defenses to avoid falling prey to another cyberattack, the home improvement chain says the backlash, including 44 civil suits, is far from over and the breach will have a significant impact on operations moving forward.
Home Depot has been working to deploy EuroPay MasterCard Visa (EMV) chip-and-pin security at each of its U.S. and Canadian stores. The breach compromised the financial details of customers who shopped at any of Home Depot's 2,266 stores in the U.S. and Canada.
Shortly after the months-long attack was discovered on Sept. 18, several state attorneys general launched a multistate probe -- though the full extent of the intrusion is still unknown. Weeks later, federal investigators found the breach also compromised email accounts of about 52 million customers.
In a recent filing of its quarterly report ending Nov. 2 with the Securities and Exchange Commission, Home Depot warned it is being swamped with investigations and lawsuits related to the massive breach.
"It is possible that we will identify additional information that was accessed or stolen, or other unforeseen developments related to the data breach could occur, which could have a further adverse impact on our operations, financial results and reputation," states Home Depot.
The home improvement chain is facing 44 civil suits filed in the U.S. and Canada. The suits were presented on behalf of customers, payment card institutions, issuing banks, shareholders and other parties. Home Depot also said the company is being investigated by the same law enforcement agencies that are probing the breach.
"These claims and investigations may adversely affect how we operate our business, divert the attention of management from the operation of the business and result in additional costs and fines," states Home Depot.
Despite Home Depot's efforts to tighten up security, the company revealed it still fears falling prey to a breach. It's a pronounced change in tone from when the company confidently assured consumers the threat had been contained, but it's also more realistic for the company to realize that it, or any other organization, could fall to an evolved attack.
"[The] ever-evolving threats mean we must continually evaluate and adapt our systems and processes, and there is no guarantee that they will be adequate to safeguard against all data security breaches or misuses of data," states Home Depot.