Since the discovery of the intrusion in September, the expenses incurred by Home Depot specifically related to the incident have been estimated at $43 / €34.530 million by the company.

The detail was included in a regulatory filing with the Securities and Exchange Commission (SEC) on Tuesday, where the company also mentioned that the event generated at least 44 civil lawsuits in the US and Canada.

Insurance covers part of the expenses

At the beginning of September, Home Depot received an alert about an intrusion on their payment card processing systems. The investigation revealed that the attack was conducted by still unidentified parties, on US and Canadian stores, and lasted from April until September.

About three weeks into the investigation, the company announced that information of no less than 56 million credit cards had been exposed. In early November, though, Home Depot informed that an additional 53 million email addresses had been leaked during the incident.

According to the report to SEC, the retailer has already spent $43 / €34.530 million in the third quarter of 2014, with deploying the investigation, covering identity protection services (credit monitoring included) to the affected customers, increasing the call center staff, and with different professional services.

$15 / €12 million from these expenses is expected to be recovered by the company through its insurance, lowering the current deficit to $28 / €22.4 million.

Other expenses are expected

However, the expenditure for this incident alone is not over, as financial claims are expected from payment card networks for the losses they incurred.

The SEC document reveals that, at the time of the breach, Home Depot was in the process of obtaining certification for 2014 for compliance of its payment card data network with the security standards; this could be a reason either for litigation or for settling, the latter being the more likely course of action.

Furthermore, apart from the 44 civil lawsuits, it is possible that other claims be filed on behalf of affected customers, payment card brands, payment card issuing banks, and shareholders.

Investigation of the incident is ongoing, and multiple state and federal agencies are involved in finding out how the breach occurred, its consequences and the response from the company.

Home Depot alleges that it may have to pay fines, but it cannot assess the total costs associated with the breach because there isn’t sufficient information.

The measures taken to avert such an unfortunate event consist of enhanced encryption for the payment card data at POS level in the US stores; this will be completed for locations in Canada by early 2015. Additionally, EMV chip-and-PIN technology, which is already present in Canada, is being rolled out in the US too.