Home Depot wins. They officially win the award for largest credit card breach in world history. Please congratulate them by never shopping in their stores again. While the CEO was ignoring security for his customers he spent $18 billion buying back his own stock and rewarding himself and his executive cronies with massive stock bonuses for a job well done.
Home Depot: 56M Cards Impacted, Malware Contained
Home Depot said today that cyber criminals armed with custom-built malware stole an estimated 56 million debit and credit card numbers from its customers between April and September 2014. That disclosure officially makes the incident the largest retail card breach on record.
The disclosure, the first real information about the damage from a data breach that was initially disclosed on this site Sept. 2, also sought to assure customers that the malware used in the breach has been eliminated from its U.S. and Canadian store networks.
“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements,” the company said via press release (PDF). “The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.”
That “enhanced payment protection,” the company said, involves new payment security protection “that locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers.
“Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms,” the statement continues. “The encryption project was launched in January 2014. The rollout was completed in all U.S. stores on Saturday, September 13, 2014. The rollout to Canadian stores will be completed by early 2015.”
The remainder of the statement delves into updated fiscal guidance for investors on what Home Depot believes this breach may cost the company in 2014. But absent from the statement is any further discussion about the timeline of this breach, or information about how forensic investigators believe the attackers may have installed the malware mostly on Home Depot’s self-checkout systems — something which could help explain why this five-month breach involves just 56 million cards instead of many millions more.
As to the timeline, multiple financial institutions report that the alerts they’re receiving from Visa and MasterCard about specific credit and debit cards compromised in this breach suggest that the thieves were stealing card data from Home Depot’s cash registers up until Sept. 7, 2014, a full five days after news of the breach first broke.
The Target breach lasted roughly three weeks, but it exposed some 40 million debit and credit cards because hackers switched on their card-stealing malware during the busiest shopping season of the year. Prior to the Home Depot breach, the record for the largest retail card breach went to TJX, which lost some 45.6 million cards.
the idiot CEO of Home Depot will probably get a huge bonus for his “leadership”
Home Depot sells 3′ and 4′ long sections of steel pipe. They may even have a helpful flyer on how to properly beat an executive with said sections of pipe.
56 +million people using credit cards at one business. Does anyone pay with cash anymore?Just today I stood in line behind some gal who brought a soda and a pack of chips with her master card..The total was like 3 dollars. I started to scream. I guess I’m getting old.
Well, I shopped at HD all the time. I never use the self checkout. I’ll actually wait in line even with the self checkout empty. Usually a young lady will come over and beg me to use it. I will politely tell her no and explain why I do not wish to use it. Going into the diatribe of how it is eliminating your job, blah blah.
I then get the familiar “glassy eyed far away stare” look and know my words are falling upon deaf ears. If a manager is hanging around (not likely) I will complain to them (same stare). It is hopeless.
I’ll be getting new debit cards anyhow after this. I really need to start using cash. Damn me for being so lazy. Hopefully, this will be the last push to get me off my fat ass and go to cash. I need to practice what I preach.
The plus on using a credit instead of a debit card is if your unsecured credit is stolen , there is no way you can be forced to pay, but with debit, your account is emptied and good luck with getting your money back.
Credit is still the best way to go if ones doesn’t want to carry wads of fiat around.After all credit is a just a much money as fiat.They are in fact one and the same.
What a great response – after they are hacked – then they install encryption software.
Sorta like buying fire insurance after the house burned down.
I hate the place – but bLowes and HD have put virtually every lumber yard out of business.
@bb,
Yes. We pay with cash. And checks!!! (People look at you like you have 3 heads, but I get a kick out of it. lol)
I no longer use a debit card. I have one credit card.
Running against the herd.
I used a debit card at HD during that time frame, so that’s fucking great.