Breach at Home Depot Affects 56 Million Cards

By Joe Rizzo September 19, 2014

I think that it is safe to say that after last holiday season’s raid on credit and debit card information from stores such as Target made everyone wonder just how secure information is. You would also expect, at least I would, that after hearing about how many people were affected that all large retail stores would have ramped up security to the point where you would want to use cash simply because it is quicker.

Apparently, my expectations are a bit on the high side. Just yesterday, September 18, 2014, Home Depot, the nation's largest home improvement retailer, disclosed they were subject to a data breach. What should concern everyone is that this breach lasted for several months. In fact, it lasted this year from April to the beginning of this month. What I find disconcerting is the fact that Home Depot mentioned this on September 2; however, several financial institutions reported that they were receiving alerts from Visa and MasterCard concerning specific credit and debit cards compromised in this breach from Home Depot’s cash registers up until Sept. 7. Considering that the date is five days after Home Depot announced the news; how was this happening?

Information was taken from 56 million credit and debit cards, which far exceeds last year’s Target attack. Believe it or not, back in 2007 there was an even larger incident at TJX Companies that documented 90 million records being compromised. Again, you would think that shoppers would be concerned, but if you look at the records, sales and profits did not fall. John Kindervag, vice president and principal analyst at Forrester Research, said "This is a massive breach and a lot of people are affected. Home Depot is very lucky that Target happened because there is this numbness factor."

It is almost like people expect it to happen, but are willing to take the risk and not worry about. Although Home Depot is assuring its customers that the malware used in the breach has been eliminated from its U.S. and Canadian stores, as a long time shopper I’m still quite concerned.

In a statement, Home Depot said, “To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service and the company quickly put in place other security enhancements. The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms. The encryption project was launched in January 2014. The rollout was completed in all U.S. stores on Saturday, September 13, 2014. The rollout to Canadian stores will be completed by early 2015.”

If you notice the dates in this statement, you will see the reported incidence occurred during the time of the roll out of the new system. Does that give anyone reason to pause? It does seem that customers appear to be growing used to these breaches, considering a string of them this past year, which also included at Michaels, SuperValu and Neiman Marcus.

As a closing comment, Home Depot's chairman and CEO, Frank Blake, said "We apologize to our customers for the inconvenience and anxiety this has caused and want to reassure them that they will not be liable for fraudulent charges. From the time this investigation began, our guiding principal has been to put our customers first and we will continue to do so."

Home Depot might have benefited from not making a disclosure of the breach until the spring and summer seasons were over. This is typically the busiest time of year for home improvement. Timing is everything!




Edited by Maurice Nagle

TechZone360 Contributing Writer

SHARE THIS ARTICLE
Related Articles

Bloomberg BETA: Models Are Key to Machine Intelligence

By: Paula Bernier    4/19/2018

James Cham, partner at seed fund Bloomberg BETA, was at Cisco Collaboration Summit today talking about the importance of models to the future of machi…

Read More

Get Smart About Influencer Attribution in a Blockchain World

By: Maurice Nagle    4/16/2018

The retail value chain is in for a blockchain-enabled overhaul, with smarter relationships, delivering enhanced transparency across an environment of …

Read More

Facebook Flip-Flopping on GDPR

By: Maurice Nagle    4/12/2018

With GDPR on the horizon, Zuckerberg in Congress testifying and Facebook users questioning loyalty, change is coming. What that change will look like,…

Read More

The Next Phase of Flash Storage and the Mid-Sized Business

By: Joanna Fanuko    4/11/2018

Organizations amass profuse amounts of data these days, ranging from website traffic metrics to online customer surveys. Collectively, AI, IoT and eve…

Read More

Satellite Imaging - Petabytes of Developer, Business Opportunities

By: Doug Mohney    4/11/2018

Hollywood has programmed society into believing satellite imaging as a magic, all-seeing tool, but the real trick is in analysis. Numerous firms are f…

Read More