Yesterday, Home Depot officially announced that it was the victim of a cyber-attack. The breach may have affected all of the company's 1,977 store locations in the U.S. with a possible 60 million credit card numbers stolen. The breach went undetected for up to five months.
KrebsOnSecurity broke news of the breach last week, after noticing that credit cards being sold online were traceable back to Home Depot locations. Citizens in Georgia filed a class-action lawsuit against the company last week, arguing failure to protect consumers from theft and neglect to notify them in a timely manner once theft had occurred. Although Home Depot is offering free identity protection and credit-monitoring services to victims, it seems that for now customers have lost faith in the retail giant.
Experts theorize that the same perpetrators who executed the Target breach in December 2013 were also behind this latest attack. "BlackPOS" is a strain of malware that funneled credit card information from Home Depot POS terminals to offsite databases, and it was also detected in Target computers. Additionally, credit card numbers from both stores were being sold on the same underground website.
Security officials are continuing to look into the breaches in an effort to protect consumers.
Sandy Kennedy, president of the Retail Industry Leaders Association, told the New York Times, "Any organization connected to the debit and credit card ecosystem faces constant and evolving threats. The public and private sector must continue to work together to improve debit and credit card security, identify threats and share information to best defend against cyberattacks."
Protect your employees, customers and company by upgrading your credit card payment processor today, because it is far easier to prevent a security incident than to make amends for one.