Mashable: Home Depot Confirms Security Breach, Customers’ Payment Cards At Risk

September 11, 2014
michelle

HomeDepot
IMAGE: FLICKR, MIKE MOZART

By Jason Abbruzzese

September 8, 2014

Home Depot has confirmed that its payment system suffered a security breach, putting customers’ payment cards at risk.

The breach was limited to U.S. and Canadian stores, with no evidence that stores in Mexico were affected, the company said. It added that there is no evidence that PINs from debit cards were stolen.

The company announced in a press release that its investigation had found that malware had compromised its system. It said its investigation focused on April onwards.

“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, chairman and CEO of Home Depot, in a press release.

Target also suffered a malware problem with its payment system.

“One would hope that in a post-Target world, every corporation would be upgrading their payment security systems and monitoring processes, so the potential length of the supposed Home Depot breach should leave us flabbergasted,” said Nick Aceto, senior director of technology at payments company CardConnect.

A new set of stolen credit card numbers may have originated from The Home Depot, according to a report based on information from numerous banks.

The breach, first published by security reporter Brian Krebs, features American and European cards that became available for purchase on Sept. 2. The Home Depot confirmed to Krebs that the company is investigating “unusual activity.”

Krebs noted that the banks he spoke with had purchased stolen cards from a particular email address associated with Russian and Ukranian hackers that had been responsible for other attacks, including a breach at Target put more than 100 million customers in danger.

A recent study found that a group of Russia-based hackers hold around 1.2 billion username and password combinations and 500 million email addresses.

That breach turned out to be part of a larger cyberattack that targeted more than 1,000 businesses. It is unclear if this breach was part of that attack.

Home Depot shares dropped sharply following the report, off about 2.7% on the day.

 graph
HD Price data by YCharts

A Home Depot spokesperson issued a statement saying that the company was looking in to some irregularities.

At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate. Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately.

View the original article here