I think that it is safe to say that after last holiday season’s raid on credit and debit card information from stores such as Target made everyone wonder just how secure information is. You would also expect, at least I would, that after hearing about how many people were affected that all large retail stores would have ramped up security to the point where you would want to use cash simply because it is quicker.
Apparently, my expectations are a bit on the high side. Just yesterday, September 18, 2014, Home Depot, the nation's largest home improvement retailer, disclosed they were subject to a data breach. What should concern everyone is that this breach lasted for several months. In fact, it lasted this year from April to the beginning of this month. What I find disconcerting is the fact that Home Depot mentioned this on September 2; however, several financial institutions reported that they were receiving alerts from Visa and MasterCard concerning specific credit and debit cards compromised in this breach from Home Depot’s cash registers up until Sept. 7. Considering that the date is five days after Home Depot announced the news; how was this happening?
Information was taken from 56 million credit and debit cards, which far exceeds last year’s Target attack. Believe it or not, back in 2007 there was an even larger incident at TJX Companies that documented 90 million records being compromised. Again, you would think that shoppers would be concerned, but if you look at the records, sales and profits did not fall. John Kindervag, vice president and principal analyst at Forrester Research, said "This is a massive breach and a lot of people are affected. Home Depot is very lucky that Target happened because there is this numbness factor."
It is almost like people expect it to happen, but are willing to take the risk and not worry about. Although Home Depot is assuring its customers that the malware used in the breach has been eliminated from its U.S. and Canadian stores, as a long time shopper I’m still quite concerned.
In a statement, Home Depot said, “To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service and the company quickly put in place other security enhancements. The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms. The encryption project was launched in January 2014. The rollout was completed in all U.S. stores on Saturday, September 13, 2014. The rollout to Canadian stores will be completed by early 2015.”
If you notice the dates in this statement, you will see the reported incidence occurred during the time of the roll out of the new system. Does that give anyone reason to pause? It does seem that customers appear to be growing used to these breaches, considering a string of them this past year, which also included at Michaels, SuperValu and Neiman Marcus.
As a closing comment, Home Depot's chairman and CEO, Frank Blake, said "We apologize to our customers for the inconvenience and anxiety this has caused and want to reassure them that they will not be liable for fraudulent charges. From the time this investigation began, our guiding principal has been to put our customers first and we will continue to do so."
Home Depot might have benefited from not making a disclosure of the breach until the spring and summer seasons were over. This is typically the busiest time of year for home improvement. Timing is everything!
Edited by
Maurice Nagle