How come an independent security blogger has to reveal massive retail credit card breaches? Brian Krebs also blew the lid off the Target debacle. He thinks this could be much bigger than the Target breach. What you get from the mega-retailers is stonewalling and canned PR messaging. They are clueless fucks who are busy spending their money on stock buybacks and executive stock options, rather than IT security.
DO NOT SHOP AT HOME DEPOT. Your data is not safe.
Banks: Credit Card Breach at Home Depot
Multiple banks say they are seeing evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards that went on sale this morning in the cybercrime underground. Home Depot says that it is working with banks and law enforcement agencies to investigate reports of suspicious activity.
Contacted by this reporter about information shared from several financial institutions, Home Depot spokesperson Paula Drake confirmed that the company is investigating.
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
There are signs that the perpetrators of this apparent breach may be the same group of Russian and Ukrainian hackers responsible for the data breaches at Target, Sally Beauty and P.F. Chang’s, among others. The banks contacted by this reporter all purchased their customers’ cards from the same underground store – rescator[dot]cc — which on Sept. 2 moved two massive new batches of stolen cards onto the market.
In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards “American Sanctions.” Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labled “European Sanctions.”
It is not clear at this time how many stores may be impacted, but preliminary analysis indicates the breach may extend across all 2,200 Home Depot stores in the United States. Home Depot also operates some 287 stores outside the U.S. including in Canada, Guam, Mexico, and Puerto Rico.
This is likely to be a fast-moving story with several updates as more information becomes available. Stay tuned.
Update: 1:50 p.m. ET: Several banks contacted by this reporter said they believe this breach may extend back to late April or early May 2014. If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period.
Stock buybacks blamed for lack of U.S. prosperity
By Russ Britt
Published: Sept 2, 2014 4:51 p.m. ET
Academic says it’s time to put a lid on executive compensation
LOS ANGELES (MarketWatch) — As major stock indexes touch new highs on a regular basis, one academic says those profits are here courtesy of massive share buyback initiatives throughout the bulk of corporate America — and could come back to haunt the markets at some point.
Writing in September’s Harvard Business Review, University of Massachusetts economics professor William Lazonick says corporate buybacks are lining executives’ pockets, but are coming at the expense of productivity as well as overall prosperity. That could cost many companies their futures, as a number of businesses are forsaking investments in coming up with new products. They’re also not compensating employees more.
Lazonick says the 449 companies on the S&P 500 that were public from 2003-2012 spent 54% of their earnings on stock buybacks in the last decade, while dividends ate up another 37%. That left little for investments in new products or raises for workers.
“Corporate executives give several reasons, which I will discuss later,” Lazonick writes in his piece.
“But none of them has close to the explanatory power of this simple truth: Stock-based instruments make up the majority of their pay, and in the short term buybacks drive up stock prices.”
He says executives made, on average, $30.3 million each, with 42% stemming from stock options and 41% from stock awards.
Some of the more pronounced examples include ExxonMobil’s XOM, -0.98% failure to invest its own money in alternative energies, but to spend $21 billion a year on stock buybacks, Lazonick says. The energy giant, along with Microsoft Corp. MSFT, -0.75% and General Electric Co. GE, -0.50% , have lobbied the U.S. government to boost its investments in alternative energies though none have done their own investing and have bought back significant chunks of stock.
Also mentioned is Intel Corp. INTC, -1.00% , which is calling for greater U.S. investment in nanotechnology, though its own buybacks were quadruple that of government spending on the initiative.
And Pfizer Inc. PFE, -0.44% , along with other drug makers, is taken to task for charging higher prices for medicines in the U.S., while spending nearly three-fourths of its income on buybacks. Pfizer, Lazonick says, justifies its higher U.S. prices on research and development costs.
Lazonick quotes Laurence Fink, chairman and chief executive of asset manager BlackRock , who said in an open letter to corporations: ““It concerns us that, in the wake of the financial crisis, many companies have shied away from investing in the future growth of their companies.”
An end to open-market buybacks, the reining in of stock-based compensation and reforming boards so that they’re not inclined toward doling out share packages to executives would be good steps, Lazonick says.
1. Why are we not asking why this doesn’t happen in Europe? Seems our advanced technology is not so advanced here, my guess is the EU forced the banksters to secure the info, where ours forces victims to pay, and pay, and pay.
2. Once again with the freaking “Russian and Ukrainian” hackers. Am I the only one that smells propaganda and red herrings here? Back when China was our worry (thanks to the Jap islands), it was always Chinese hackers. Things that make you go, hmmmm?
3. If I were the PTB, this is going to be used to turn over our banking and cc accounts for “real time” monitoring by the Feds, pick a 3 letter group, IRS, SEC, FCC, NSA, or all of the above?
So what a convenient breach. It creates animosity, and war-drumming, it scares people, it siphons money from the productive little to the rich, and it opens a door for the Feds to take over another aspect of our lives. Exactly like 9-11 and the drug war. Of course, once you know the play works, you continue to use it. Sheeple say, as usual, “baaaaa.”
Put a freaking fork in us folks, once the cure happens, we will be done.
“DO NOT SHOP AT HOME DEPOT.”
No problem! 😛
why should any credit card holder worry about a number stolen? ….and mine has been several times over the past three decades…… simple solution…don’t pay the charges..worked for me every time..
Don’t use debit cards. Once burned, twice shy. Use cash. My wife and I have been doing this for ten months with no problems. It’s a minor inconvenience when filling up with gas but my fat ass can stand to walk a few extra feet. News of data breaches? We just laugh at the sheep.
Credit cards might be a better option but I figure the risk of identity theft is too high and sorting that out would be a major pain in the ass.
Just wait, TPTB will eventually use these data breaches as the impetus for getting your very own rfid chip implanted.
@flash, the problem isn’t the ultimate responsibility to pay (or today’s law, which could change tomorrow), the problem is that these mega-corps are INTENTIONALLY shortchanging cyber/computer security because they can shove the cost onto the backs of the consumer.
You may not have “paid” for the charges, but you sure as hell had to spend TIME (which IS money) fixing it. Now what if they didn’t just steal your card number, but your actual credit history? Hundreds of hours, court cases, police reports, and the effort to do it all is not free. Not by a long shot.
If the stolen card is a debit card, the freaking banks have the right to take up to 30 days to “return” your money, even when the “stolen” funds were never actually PAID out.
I once caught a breach and was able to call both companies and keep them from shipping out the soon-to-be stolen goods. It still took nearly 20 days for the bank to return the $800 to my account.
That was real cash, and totally unavailable to me, and the charges never actually posted, because I stopped them, but they “kept’ my money unavailable to me anyway.
Man, we really are a self-centered, dense, society. Flash says, “what’s the big deal?” and so won’t stop using credit, nor will demand real protections/security. Meanwhile some poor schmuck can be kicked out of his house because his rent check bounces, but hey, no harm, no foul, he gets his money “back,” eventually.
Once again we little guys pay, the rich make bigger profits, and our society will lose more freedom and security to “fix” the problem the freaking mega-corps created.
Went to Home Depot yesterday to get an estimate to replace the basement carpet. It’s 20+ years old and looks like shit. It was ugly when the previous owners installed it … some pinkish-mauve color that looks straight out of the 1970’s. Anyway, the quote came in at $1,955 plus tax.
This morning I called a local carpet guy … very reputable … been in business for 20+ years. He came same day … today at 6:15. He quoted a MUCH better carpet, …. total cost, tax included, $1,195.
Fuck you, Home Depot. Rot in hell.
TE… Now what if they didn’t just steal your card number, but your actual credit history? Hundreds of hours, court cases, police reports, and the effort to do it all is not free. Not by a long shot.
FWIW, my credit accounts where hacked and I was locked out of my own credit history, but I had very little trouble ( past the intial ass reaming I gave the credit agency) gettign it all straightened out and my credit access restored.
I’ve had various credit cards over the past 30 years and have had them stolen hacked and abused by retailers with very little in the way of problem gettign the unauthorized transactions straightened out.
This is my story and it in no way relates to the misfortune of others who never check their credit history and when they finally do , it’s late in the game and they have a shitstorm to calm.
Your business is yours.
CYA!
@ Stuck..LOL.. not that I am trumpeting HD, but .the sample you were shown by the other guy may not be the carpet you get.
Keep the sample and compare it to the weight and weave of the carpet installed..Trust me on this.
oh and don’t forget the twist. .. by substituting a looser fiber for the tight twist you were shown is another way to skin a cat….seen it done, a many a time.
http://www.carpet-guru.com/is-your-carpet-well-made/
Twist level is the amount of twist that two plies (or more) of fiber are given. You can sometimes count the twists by examining the face of the carpet carefully. The more twist in the fiber, the less dense the carpet has to be, and it can even have less fiber. A short, medium dense, 40 ounce face fiber, high twist carpet will last as long as many looped carpets. A twist level of six twists per inch is a good starting point. This means in a inch of a two ply fiber there would be six turns or twist that you could count..
Read the comment stream on Brian Krebs website and you will be very scared.
http://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/#more-27671
flash
The local carpet guy is located in Westfield, an upper middle class neighborhood with lots of million dollar homes. I don’t think he’d stay in business for 20+ years screwing the pooch.
Nevertheless, one can never be too careful. Your advice will be taken into account. Thanks.
Hackers can now attack your smart phone and use it to scan the credit cards IN YOUR POCKET.
Start at 1:10 mark
And then there’s ATM skimming
Administrator says:
“Read the comment stream on Brian Krebs website and you will be very scared.”
Yep. This crap is only going to get worse. That’s what I said last year. I’d bet it’s by design but that is only my suspicion.
flash is right about checking your credit reports every year. Get in the habit of doing it every year at tax time. I’ve never had an issue with mine but I still do it. If married, be sure to get reports for both. I’d even check for any credit reports under your kids SSN. I’ve heard of kids identities being stolen when they are young and when they become adults, their credit histories are already trashed.
If you carry a debit or credit card get some of those little protective Faraday Cage envelopes to keep them in to guard against smart phone and rfid skimmers.
If you must keep a debit or credit card join a small credit union and get a card issued through them. They tend to be a bit more diligent about preventing fraud.
While not perfect, transition back to cash.
” … flash is right about checking your credit reports every year.” ——— I_S
That’s far too long. If shit happens to your credit in April and you don’t check it until the following March, you’re shit outta luck.
Check it monthly at a MINIMUM.
And you know what happens when you get your identity stolen (as has happened to Ms Freud more than once)? You start checking your report every couple days.
Stucky, how much does it cost to generate a credit report every couple of days? I believe you can set up alerts with the credit reporting agencies to send you an alert every time there is any activity on your report or history. Unless you are constantly opening/closing accounts or are in the habit of paying bills late, there should be very little change to your report.
highly recommended.It’s a little troublesome , and usually costs around 4 bucks to have the security freeze lifted when you need a credit check to get some new service ( e.g. phone , cable,ISP….) , but once you set a freeze in action, no one can apply for credit in your name without password approval…I know password hacks happen , but as far as I know this is the best credit security offered at this time.
A Credit Freeze, also known as a Security Freeze, is a way for you to have maximum control of access to your credit.
A more dramatic step to protect your credit
WHEN TO ADD A SECURITY FREEZE
If you are very concerned about becoming a victim of fraud or identity theft, a Security Freeze might be right for you.
http://www.transunion.com/personal-credit/credit-disputes/credit-freezes.page
The ones that will be hit the hardest by this are all the illegals that hang out in front of Home Depot looking for day work. Watch for turf wars to break out in front of Lowes now.
Stop playing the banksters game using plastic. Cash and Coin. They are trying to eliminate cash and go all electronic hence total control and reporting.
Fuck andy, jeff, shawn, johnny huggins, molly, jabar, felicia harvey, fuck jeff twice with his dick stratchin self, every dude employee n every contractor done fuckd or finger fuckd felicia might wanna go get checked out ijs…fuck store 0154
Whoa… someone is seriously upset in Apelanta!