Home Depot faces dozens of lawsuits after massive security breach

Home Depot faces at least 44 lawsuits in the United States and Canada over a massive data breach earlier this year that affected 56 million debit and credit cards.

• Home Depot security hack: What to do if your cards are breached
• Home Depot says Canadians could be affected by security breach
• Home Depot offers credit monitoring amid card breach worries

The nation's biggest home improvement retailer said Tuesday in a regulatory filing that several state and federal agencies also are looking into the data breach and it may face more litigation from customers, banks, shareholders and others.

Home Depot said the litigation and the investigations may distract management and affect how it runs its business. It also could lead to additional costs and fines. But those expenses aren't clear yet because the cases are in early stages, the company said in a quarterly filing with the Securities and Exchange Commission.

The company said earlier this month after announcing third-quarter earnings that it anticipates a fourth-quarter breach-related expense of about $27 million, but only about $6 million after insurance.

Home Depot has a $100 million insurance policy for breach-related expenses. That comes with a $7.5 million deductible.

Self-checkout system targeted

The Atlanta-based retailer disclosed the months-long breach of data in September. It has said that the hackers initially accessed its network in April with a third-party vendor's username and password. Hackers then deployed malware on Home Depot's self-checkout systems to gain access to the card information of customers who shopped at its U.S. and Canadian stores between April and September.

Home Depot's breach surpassed Target's pre-Christmas 2013 data theft, which compromised 40 million credit and debit cards and hurt sales and profits. Since late last year, Michaels, SuperValu and Neiman Marcus have been among a string of retailers that have also reported breaches, though they were smaller.

• Home Depot admits 56 million cards hit by security breach
• Home Depot says hackers also took 53 million email addresses

Home Depot has since said that hackers also stole 53 million email addresses.

The company said in its filing on Tuesday that it has since completed a major security improvement. Its new security scrambles raw card information to make it unreadable to unauthorized users.

The security project has been completed in U.S. stores, and Home Depot expects to do the same for its Canadian locations early next year.

Home Depot shares fell 97 cents, or 1 per cent, to $97.43 in morning trading Tuesday. Its shares had risen nearly 20 per cent through Monday's close so far this year. Meanwhile, the Standard & Poor's 500 index has climbed about 12 per cent.