(Reuters) – Home Depot Inc has agreed to pay $13 million to compensate consumers affected by a massive 2014 data breach in which payment card or other personal data was stolen from more than 50 million people.
The home improvement retailer also agreed to pay $6.5 million to fund 1-1/2 years of identity protection services for card holders, and take steps to improve data security.
Terms of the preliminary settlement were disclosed in papers filed on Monday with the federal court in Atlanta, where Home Depot is based.
Court approval is required, and Home Depot did not admit wrongdoing or liability in agreeing to settle.
The company also agreed to pay legal fees of the plaintiffs’ lawyers, on top of the settlement fund.
“We wanted to put the litigation behind us, and this was the most expeditious path,” Home Depot spokesman Stephen Holmes said. “Customers were never responsible for any fraudulent charges.”
According to court papers, the settlement covers about 40 million people who had payment card data stolen, and 52 million to 53 million people who had email addresses stolen, with some overlap between the two groups.
The $13 million will compensate consumers with documented out-of-pocket losses or unreimbursed charges.
Home Depot has said the breach affected people who used payment cards on its self-checkout lines in U.S. and Canadian stores between April and September 2014.
In November, Home Depot said it had incurred $152 million of expenses from the breach, after accounting for expected insurance proceeds.
(Reporting by Jonathan Stempel in New York; Additional reporting by Nate Raymond; Editing by Chris Reese)