SecurityWeek

Home Depot Confirms Payment Card Data Breach

After days of speculation, Home Depot has confirmed it was victimized in a data breach that compromised credit and debit cards at stores throughout the United States and Canada.

According to the company, there is no evidence that anyone who shopped at stores in Mexico or online at Homedepot.com was affected.

News of a possible breach first circulated last week. The full scope of the breach remains under investigation; however, the company stated there is no evidence that debit PIN numbers were compromised. Right now, the investigation is focused on April forward, and the retailer is offering free identity protection services to potentially impacted customers.

“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” Home Depot chairman and CEO Frank Blake said in a statement. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges.”

The investigation began on the morning of Sept. 2 after the company received reports of a possible breach from its banking partners and law enforcement. Security blogger Brian Krebs, who broke the news of the investigation last week, reported today that a source close to the investigation told him that an analysis of Home Depot’s store registers showed at least some had been infected with a new variant of BlackPOS – a notorious piece of point-of-sale malware. The same family of malware was also linked to the attack on Target last year.

“It is possible that both attacks were caused by the same people,” said Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs. “Often times, when a certain type of malware becomes too well known by the security industry, the creators of the malware will modify the code and use new methods of obfuscation and encryption in order to thwart detection attempts.”

Generally, attackers have been exploiting the points of least resistance, said Nick Levay, CSO at Bit9.

“In a large percentage of these breaches, the weak spot can be blamed on the POS malware protection, since at the end of the day the common theme of many of these breaches is the execution of malware on the critical endpoint to do the dirty work,” he said. “Regardless if the attackers hit the POS during a busy time, during a holiday freeze, or intense policy change like implementing a new standard like PCI [Payment Card Industry Data Security Standard] 3.0, the end result still has to get past the malware protection at the endpoint.”

Home Depot has previously stated it will roll out EMV ‘Chip and PIN’ to all U.S. stores by the end of this year in advance of the October 2015 deadline.
