Home Depot Confirms Massive Security Breach

US retailer Home Depot has confirmed a security breach in the payment systems of its stores in North America that resulted in the theft of credit and debit card data.

It has been suggested this could be the largest such incident to date. The company has said customers could have been affected from April until early last week, but added that the PINs used to secure the cards did not seem to have been compromised.

The retailer said it has not yet determined the number of customers affected, but the figure could exceed 60 million, according to an unnamed source cited by The New York Times.

Biggest to date?

The breach of retail chain Target last year, currently the largest to date, affected about 40 million people, and occurred over a period of about three weeks, while the Home Depot compromise may have lasted for as long as five months.

The chain’s Mexico stores were not affected, nor was its online shop. Home Depot operates 1,977 stores in the US and 180 in Canada, about 400 more than Target had at the time of its breach.

Delayed response

The incident was first reported by blogger Brian Krebs early last week, and it seems to have been this report that alerted the company itself to the situation. The retailer had remained silent until now. Home Depot apologised for the breach, saying it had delayed notifying customers until its own investigation had confirmed the incident.

“We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred,” said chairman and chief executive Frank Blake in a statement. “It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”

Customers in the US state of Georgia filed a class-action lawsuit against the company last week for failing to protect customers and not alerting them sooner. Home Depot said it will offer identity protection and credit-monitoring services to those who used a card at any of its affected stores, adding that it has been working with security companies Symantec and FishNet Security to investigate since last week.

In August, the US Computer Emergency Readiness Team (US-CERT) warned that the point-of-sale systems of about 1,000 retailers had been compromised by the “Backoff” malware, linked to a criminal gang in Eastern Europe. According to some reports, however, the Home Depot breach may have been effected using BlackPOS, the same attack tool used in the Target incident.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
