The Home Depot investigates possibility of massive data breach

The Home Depot investigates possibility of massive data breach

Summary: Reports are out that a new batch of stolen credit and debit cards hit the cybercrime underground on Tuesday, with multiple banks confirming that The Home Depot stores may be the source.

SHARE:
TOPICS: Security
8
Screen Shot 2014-09-02 at 2.57.30 PM
Credit: The Home Depot

Home improvement retailer The Home Depot may be the latest target of the massive Russia-based hacker ring hitting US businesses.

As first reported on the website of cybersecurity journalist Brian Krebs, a new batch of stolen credit and debit cards hit the cybercrime underground on Tuesday, and multiple banks confirmed that The Home Depot stores may be the source.

Paula Drake, a spokesperson for the retail chain, confirmed that the company is actively investigating the possible breach with its banking partners and law enforcement:

"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," Drake told Krebs in a prepared statement. "If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible."

Even without official confirmation of the breach, there is speculation that it could be many times larger than the one that hit Target last year, as The Home Depot has some 2,200 stores in the US and nearly 300 in other countries, and early analysis suggests all of the stores were affected.

Since late 2013, data breaches at US businesses have become all too common. Albertson's, Target, Michaels, Neiman Marcus, Sally Beauty, P.F. Chang's and SuperValu have all experienced significant breaches believed to stem from a group of Russian and Ukranian hackers. 

Most recently, the group is said to have stolen more than 1.2 billion Internet credentials — including usernames and passwords — with more than 500 million email addresses. In that case, however, most of the IDs exploited were used for sending spam on social networks, rather than illegal spending and selling on the black market.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • You know the only way to protect your credit card info?:

    REVIEW YOUR BILL!
    Joe_Raby
    • Maybe Semantics, But...

      While reviewing our bills/statements is absolutely critical - I also view that as more 'damage control' than 'real time' protection.

      As consumers, we need to exercise due care, of course, but really -- the financial industry needs to do a lot more and a lot better to truly minimize unauthorized transactions.
      ReadandShare
  • The Home Depot investigates possibility of massive data breach

    What OS were they running? Oh that explains it.
    Loverock.Davidson
    • Last time I checked, the point of sale machines were still Windows...

      Yep, I guess that does explain it.
      jessepollard
      • Check the servers

        Since that is where the data will be stolen, not from the POS. HAHAHA!
        Loverock.Davidson
    • POS

      “Last month, US CERT warned that this vector was being actively targeted and that both supermarket chain Supervalu and delivery firm UPS have reported being hit.”

      “Point-of-sale malware is possible because the software such terminals use is usually poorly protected and they run old or outdated operating systems. Once installed, such malware can be difficult to detect and highly efficient at capturing data.”

      http://www.theregister.co.uk/2014/09/02/home_depot_investigating_if_its_the_latest_victim_of_retail_hackers
      daikon
      • Check the servers

        Since that is where the data will be stolen, not from the POS. HAHAHA!
        Loverock.Davidson
        • Your mad....You got it wrong :(
          daikon