Home depot Confirms Massive Data Breach

By Sarah Price - 09 Sep '14 11:34AM

Home Depot, the famous American construction and building material retailer, confirmed Monday that its U.S. and Canadian payment systems have been breached and that the company is working to determine the scope, scale and impact of the breach.

"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," Frank Blake, chairman and CEO of Home Depot said in a statement.

"We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts," he added.

The company, however, affirmed that customers who shopped online or at their Mexico outlets have not been affected.

Last week, news of a potential breach surfaced after a large amount of financial (debit and credit card) data came up for sale on a criminal website. Journalist Brian Krebbs broke news of the breach writing on his blog that the data breach may have started in mid March or April.

Some experts say that the fact that Krebbs was the one to break the news and not the company itself could put Home depot in trouble.

"This is not how you handle a significant security breach, nor will it provide any sort of confidence that Home Depot can solve the problem going forward," Eric W. Cowperthwaite, vice president of Core Security, an Internet-security consulting company, told the New York Times.

Of now, not much detail is available about the breach but Home Depot says that its IT officials are working around the clock with security experts to zero in on damages.

The breach will overshadow the Target credit card breach that exposed about 40 million accounts and compromised personal information of about 70 million people.

Goodwill Stores also announced last week that credit and debit card information of several customers had been stolen from 300 stores across 19 states in the U.S. from Feb 2013 to August 2014.

The Department of Homeland Services says that the breach is a result of malicious software called "Blackoff," which has affected more than 1,000 businesses in the country. The software was not recognized by any anti-virus until last month.  A modified version of the software was used to hack into Home Depot's accounts.

Experts say it is of utmost importance that they remove the magnetic strip that helps transfer data from the cards and introduce a computer chip and PIN number method to prevent such breaches. Also, banks and credit card companies need to tighten security standards.

Fun Stuff

The Next Read

Real Time Analytics