From the Reuters article:
The home improvement retailer will set up a $13 million fund to reimburse shoppers for out-of-pocket losses, and spend at least $6.5 million to fund 1-1/2 years of cardholder identity protection services.
Home Depot also agreed to improve data security over a two-year period, and hire a chief information security officer to oversee its progress. It will separately pay legal fees and related costs for affected consumers.
"We wanted to put the litigation behind us, and this was the most expeditious path," spokesman Stephen Holmes said. "Customers were never responsible for any fraudulent charges."
Home Depot confirmed the data breach back in September 2014, saying that anyone who used a debit or credit card at its U.S. or Canadian stores since April may have had their data stolen.
“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," Frank Blake, chairman and CEO, said at the time. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."
The home improvement store recently posted its fourth-quarter earnings, which exceeded expectations thanks to a boost in sales.