Home Depot Confirms Breach By Jaikumar Vijayan Computerworld | Sep 8, 2014 3:12 PM PT

Sep 09, 2014

After nearly a week of investigation, Home Depot on Monday confirmed that intruders had indeed broken into its payment networks and accessed credit and debit card data belonging to an unspecified number of customers who shopped at its U.S. and Canadian stores.

The statement announcing the breach did not detail the number of stores affected or the total number of cards compromised. It merely noted that the company is looking into the possibility that the breach occurred in April.

Home Depot also said there is no evidence that debit card personal identification numbers (PIN) were compromised. Nor is there evidence the breach affected any Home Depot stores in Mexico or purchases made online at the company's website.

The company added that it has been working around the clock to mitigate the situation since being told about the breach last Tuesday.

"We apologize for the frustration and anxiety this causes our customers," Frank Blake, chairman and CEO of Home Depot, said in the statement. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges."

The statement is interesting because it makes no mention at all of the potential size and scope of the breach.

According to security blogger Brian Krebs, who first reported the intrusion, evidence from the cyber underground suggests that nearly all of Home Depot's 2,200 stores in the U.S. were impacted. The fact that the breach also appears to have remained undetected for more than three months suggests that it may end up being the biggest compromise of payment card data ever, Krebs noted.

In fact, the Home Depot breach could turn out to be several times larger than the one that Target experienced last December. More than 40 million payment cards were compromised in the Target breach.

Several companies have reported data breaches in recent days, including grocery chain Supervalu, UPS Stores Inc. and Dairy Queen.

The breaches highlighted escalating concerns over malware dubbed "Backoff" that infects point-of-sale (POS) systems and has affected over 1,000 U.S. businesses, according to federal law enforcement authorities. Security firm Kaspersky Labs, which conducted its own research of the Backoff malware, believes the number of affected businesses could be much higher.

If other large breaches are any indication, the data compromise at Home Depot could cost the retailer hundreds of millions of dollars in remediation expenses, fines and legal fees.

Since news of the breach went public, Home Depot's stock price has fallen by about 3%, from $93.11 per share last Tuesday to $90.82 on Monday. After the company confirmed the breach late Monday, its share price dropped by nearly another percentage point in after-hours trading.
