Breach at Home Depot Affects 56 Million Cards


I think that it is safe to say that after last holiday season’s raid on credit and debit card information from stores such as Target made everyone wonder just how secure information is. You would also expect, at least I would, that after hearing about how many people were affected that all large retail stores would have ramped up security to the point where you would want to use cash simply because it is quicker.

Apparently, my expectations are a bit on the high side. Just yesterday, September 18, 2014, Home Depot, the nation's largest home improvement retailer, disclosed they were subject to a data breach. What should concern everyone is that this breach lasted for several months. In fact, it lasted this year from April to the beginning of this month. What I find disconcerting is the fact that Home Depot mentioned this on September 2; however, several financial institutions reported that they were receiving alerts from Visa and MasterCard concerning specific credit and debit cards compromised in this breach from Home Depot’s cash registers up until Sept. 7. Considering that the date is five days after Home Depot announced the news; how was this happening?

Information was taken from 56 million credit and debit cards, which far exceeds last year’s Target attack. Believe it or not, back in 2007 there was an even larger incident at TJX Companies that documented 90 million records being compromised. Again, you would think that shoppers would be concerned, but if you look at the records, sales and profits did not fall. John Kindervag, vice president and principal analyst at Forrester Research, said "This is a massive breach and a lot of people are affected. Home Depot is very lucky that Target happened because there is this numbness factor."

It is almost like people expect it to happen, but are willing to take the risk and not worry about. Although Home Depot is assuring its customers that the malware used in the breach has been eliminated from its U.S. and Canadian stores, as a long time shopper I’m still quite concerned.

In a statement, Home Depot said, “To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service and the company quickly put in place other security enhancements. The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores. Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms. The encryption project was launched in January 2014. The rollout was completed in all U.S. stores on Saturday, September 13, 2014. The rollout to Canadian stores will be completed by early 2015.”

If you notice the dates in this statement, you will see the reported incidence occurred during the time of the roll out of the new system. Does that give anyone reason to pause? It does seem that customers appear to be growing used to these breaches, considering a string of them this past year, which also included at Michaels, SuperValu and Neiman Marcus.

As a closing comment, Home Depot's chairman and CEO, Frank Blake, said "We apologize to our customers for the inconvenience and anxiety this has caused and want to reassure them that they will not be liable for fraudulent charges. From the time this investigation began, our guiding principal has been to put our customers first and we will continue to do so."

Home Depot might have benefited from not making a disclosure of the breach until the spring and summer seasons were over. This is typically the busiest time of year for home improvement. Timing is everything!

Edited by Maurice Nagle

TechZone360 Contributing Writer

Related Articles

Coding and Invention Made Fun

By: Special Guest    10/12/2018

SAM is a series of kits that integrates hardware and software with the Internet. Combining wireless building blocks composed of sensors and actors con…

Read More

Facebook Marketplace Now Leverages AI

By: Paula Bernier    10/3/2018

Artificial intelligence is changing the way businesses interact with customers. Facebook's announcement this week is just another example of how this …

Read More

Oct. 17 Webinar to Address Apache Spark Benefits, Tools

By: Paula Bernier    10/2/2018

In the upcoming webinar "Apache Spark: The New Enterprise Backbone for ETL, Batch and Real-time Streaming," industry experts will offer details on clo…

Read More

It's Black and White: Cybercriminals Are Spending 10x More Than Enterprises to Control, Disrupt and Steal

By: Cynthia S. Artin    9/26/2018

In a stunning new report by Carbon Black, "Hacking, Escalating Attacks and The Role of Threat Hunting" the company revealed that 92% of UK companies s…

Read More

6 Challenges of 5G, and the 9 Pillars of Assurance Strategy

By: Special Guest    9/17/2018

To make 5G possible, everything will change. The 5G network will involve new antennas and chipsets, new architectures, new KPIs, new vendors, cloud di…

Read More