A sigh of relief can almost be heard coming from the data security division of Target today at the news that another US retailer may have lost even more of its customers' details over a period of a few months, writes Billy Bambrough.

2,200 stores compromised over a period going back to April or May this year makes the Target leak, which saw 40m credit and debit cards stolen over a three-week period, seem almost tiny.

You can see the scale of the possible breach here.

[Image: Target vs Home Depot. Source: informationisbeautiful.net]

Bearing in mind the Target breach cost the CEO his job, an estimated $148m to the company, tied the retailer, card companies and banks up in pointless litigation (oh, and wasted 1,000s of hours in discussion on whether EMV chip and PIN would have helped – it wouldn’t), Home Depot must be pretty worried right now.

The ever-alert security blogger Brian Krebs first pointed out the potential Home Depot card data leak on his blog KrebsOnSecurity, and it was confirmed by him after he contacted banks to see if they had noticed their customers’ card data available online.

Home Depot has already acted and has updated its website to keep customers in the loop with what’s happening.

[Image: Home Depot’s updated website]

Krebs spoke to Home Depot spokesperson Paula Drake, who confirmed the company is investigating the alleged breach.

Drake: "I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate."

"Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible."

Krebs speculates that the perpetrators may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others, due to the cards being for sale on the same underground site, rescator.cc.

Interestingly, as a commentator on KrebsOnSecurity points out, Target and Home Depot have more than a breach in common. New Target CIO Bob DeRodes is a former Home Depot CIO (with a brief and unproductive stint at First Data Corp. in between the two gigs).

While suggesting any kind of state involvement in these data thefts is ridiculous, the hackers clearly have political motives.

Krebs writes: "In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards ‘American Sanctions.’ Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labeled ‘European Sanctions.’"


Target’s handling of the situation when the story of their massive breach first broke at the end of 2013 and it should be a priority for Home Depot now to keep customers well informed, and be seen to be doing all they can to try and minimise the backlash from this.

Either way, if it’s as bad as we’ve heard so far then Home Depot CEO Frank Blake may not be around for much longer.