Home Depot settled with the attorneys general of 45 states and the District of Columbia over a 2014 point-of-sale systems hack, agreeing to pay $17.5 million, states announced Tuesday.
The Home Depot breach was, at the time, the largest reported breach in history, capturing 56 million credit cards. It came during a string of attacks during which POS systems were hijacked by malware; earlier that year Target had announced a similar landmark breach.
Home Depot had already settled with consumers.
The conditions of the settlement require an information security regimen, including having a chief information security officer, adequate funding and training.
“I am pleased with this settlement as it sets procedures in place that the Home Depot must follow to further protect consumers’ interests and provide them peace of mind as they shop,” said Michigan Attorney General Dana Nessel, whose state will receive $300,000, in a statement.