UPDATE 3-Home Depot settles consumer lawsuit over big 2014 data breach
(Updates costs associated with breach, paragraph 10)
By Jonathan Stempel
March 8 (Reuters) - Home Depot Inc agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders.
The home improvement retailer will set up a $13 million fund to reimburse shoppers for out-of-pocket losses, and spend at least $6.5 million to fund 1-1/2 years of cardholder identity protection services.
Home Depot also agreed to improve data security over a two-year period, and hire a chief information security officer to oversee its progress. It will separately pay legal fees and related costs for affected consumers.
Terms of the preliminary settlement were disclosed in papers filed on Monday with the federal court in Atlanta, where Home Depot is based.
Home Depot did not admit wrongdoing or liability in agreeing to settle. The settlement requires court approval.
"We wanted to put the litigation behind us, and this was the most expeditious path," spokesman Stephen Holmes said. "Customers were never responsible for any fraudulent charges."
Home Depot has said the breach affected people who used payment cards on its self-checkout terminals in U.S. and Canadian stores between April and September 2014. Continued...