All US Home Depot Locations Possibly Breached

Banks are seeing evidence that the US home improvements retail chain Home Depot may be the point of origin for a new batch of stolen debit and credit card information being sold on the black market, according to cybercrime specialist Brian Krebs.

Preliminary analysis showed that the cyberattack may have affected all of the company’s US stores, which currently total 1,977. According to several banks, the breach may have begun in April or May 2014. If that all of that is true, this breach may be larger than the infamous Target breach at the end of 2013.

Home Depot confirmed that it was working with banking partners and law enforcement to investigate unusual activity.

“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers,” said Home Depot spokeswoman Paula Drake. “If we confirm that a breach has occurred, we will make sure customers are notified immediately.”

Citing security reasons, Drake added that it would be inappropriate for Home Depot to speculate further and that the company would provide more information as soon as possible.

The report also said there are signs that the perpetrators may be the same group of Russian and Ukrainian hackers who were connected to other recent cyber attacks, such as the Target breach.

Last month, Home Depot named Craig Menear, president of its US retail unit, as its next chief executive (CEO). He succeeds Frank Blake, who has served as CEO since 2007, on 1 November.

“Home Depot is the latest in a long list of data breach victims,” said Jason Hart, vice president (VP) cloud solutions at SafeNet. “The prevailing perception around data breaches is that they cause long term damage to an organisation’s bottom line. This isn’t necessarily case.

“If you look at the top breaches of the last few years in the pre-Target era, they had limited to no long-term effect on the companies’ bottom lines or stock price. You’ll see a short term blip, and then customers come back. The Target data breach had a significant financial impact on the company, but it’s still too early to estimate how it will impact customer loyalty.

“We don’t know, at this point, what is happening at Home Depot, but this breach and the many data breaches we have seen before are simply a symptom of an outdated approach to securing customer data. Companies need to adopt a secure breach approach that focuses on securing the data once intruders penetrate the perimeter defences. This means they need to attach security directly to the data itself using multi-factor authentication and data encryption, as well as securely managing encryption keys. That way, if the data is stolen it is useless to the thieves.”


Related reading