
Home Depot Confirms Massive Security Breach

US retailer Home Depot has confirmed a security breach in the payment systems of its stores in North America that resulted in the theft of credit and debit card data.

It has been suggested this could be the largest such incident to date. The company has said customers could have been affected from April until early last week, but added that the PINs used to secure the cards did not seem to have been compromised.

The retailer said it has not yet determined the number of customers affected, but the figure could exceed 60 million, according to an unnamed source cited by The New York Times.

Biggest to date?

The breach of retail chain Target last year, currently the largest to date, affected about 40 million people, and occurred over a period of about three weeks, while the Home Depot compromise may have lasted for as long as five months.

The chain’s Mexico stores were not affected, nor was its online shop. Home Depot operates 1,977 stores in the US and 180 in Canada, about 400 more than Target had at the time of its breach.

Delayed response

The incident was first reported by blogger Brian Krebs early last week, and it seems to have been this report that alerted the company itself to the situation. The retailer had remained silent until now. Home Depot apologised for the breach, saying it had delayed notifying customers until its own investigation had confirmed the incident.

“We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred,” said chairman and chief executive Frank Blake in a statement. “It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”

Customers in the US state of Georgia filed a class-action lawsuit against the company last week for failing to protect customers and not alerting them sooner. Home Depot said it will offer identity protection and credit-monitoring services to those who used a card at any of its affected stores, adding that it has been working with security companies Symantec and FishNet Security to investigate since last week.

In August, the US Computer Emergency Readiness Team (US-CERT) warned that the point-of-sale systems of about 1,000 retailers had been compromised by the “Backoff” malware, linked to a criminal gang in Eastern Europe. According to some reports, however, the Home Depot breach may have been effected using BlackPOS, the same attack tool used in the Target incident.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
