Home Depot confirms breach

Home Depot on Monday confirmed that intruders broke into its payment networks and accessed credit and debit card data of an unspecified number of customers who shopped at its U.S. and Canadian stores.

After nearly a week of investigation, Home Depot on Monday confirmed that intruders had indeed broken into its payment networks and accessed credit and debit card data belonging to an unspecified number of customers who shopped at its U.S. and Canadian stores.

The statement announcing the breach did not detail the number of stores affected or the total number of cards compromised. Instead, it merely noted that the company is looking into the possibility that the breach occurred in April.

Home Depot also said there is no evidence that debit Personal Identification Numbers (PINs) were compromised. Nor is there evidence the breach affected any Home Depot stores in Mexico or purchases made online at the company's website.

Since being told about the breach last Tuesday, Home Depot has been working around the clock to mitigate the situation, the company added.

"We apologize for the frustration and anxiety this causes our customers," Frank Blake, chairman and CEO of Home Depot, said in the statement. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges."

The statement is interesting because it makes no mention at all of the potential size and scope of the breach.

According to security blogger Brian Krebs, who first reported the intrusion, evidence from the cyber underground suggests that nearly every one of Home Depot's 2,200 stores in the U.S. was impacted. The fact that the breach also remained undetected for more than three months suggests that it may end up being the biggest compromise of payment card data ever, Krebs noted.

In fact, the Home Depot breach could turn out to be several times larger than the one at Target last December, in which more than 40 million payment cards were compromised.

Several companies have reported data breaches in recent days, including grocery chain Supervalu, UPS Stores Inc. and Dairy Queen.

The breaches have highlighted escalating concerns over a point-of-sale (PoS) system malware tool dubbed "Backoff" that has affected over 1,000 U.S. businesses, according to federal law enforcement authorities. Security firm Kaspersky Labs, which conducted its own research into the malware, believes the number could be much higher.

If other large breaches are any indication, the data compromise at Home Depot could cost the retailer hundreds of millions of dollars in remediation costs, fines and legal fees.

Since news of the breach went public, Home Depot's shares have fallen by about 3% from $93.11 last Tuesday to $90.82 on Monday. After the company confirmed the breach late Monday, its shares dropped by nearly another percent in after-hours trading.


Stories by Jaikumar Vijayan
