HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 8 MINUTES AGO.
You are here: Home / Enterprise I.T. / Home Depot's Customer Data Breach
Customer Data Breach at Home Depot May Be Biggest Yet
Customer Data Breach at Home Depot May Be Biggest Yet
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
SEPTEMBER
04
2014



Home Depot is warning and reassuring customers about a potential data breach. The home improvement retailing giant is still investigating a possible hack but has made it clear customers will not have to foot the bill for any fraudulent charges that may emerge.

"Our forensics and Relevant Products/Services teams have been working around the clock," spokeswoman Paula Drake said in a published statement. "In the event we determine there has been a data breach, our customers will not be responsible for any possible fraudulent charges."

Home Depot has hired Symantec Corp. and Fishnet Security to investigate after discovering unusual activity on Thursday. The retailer is also working with law enforcement agencies but has not disclosed specifics.

"We know that this news may be concerning, and we apologize for the worry this can create," Home Depot said in a notice posted on its Web site. "If we confirm a breach has occurred, we will make sure our customers are notified immediately."

Don’t Use Cards Tied to Your Bank Account

We caught up with Tom Cross, director of security research at network security firm Lancope, to get his take on the possible breach. He told us these retail compromises can have a direct financial impact on consumers -- and that the Home Depot incident has the potential be bigger than the Target breach.

“Some banks issue credit cards that are directly tied to consumer checking accounts,” Cross says. “Fraudulent charges made on these cards are immediately deducted from the consumer's bank balance, and the consumer may have to wait for a fraud investigation to complete before they can recover their money.”

With so many large retail organizations getting compromised, he strongly recommends consumers avoid using cards that are tied directly to their checking accounts. However, he adds, people do not want to go through the hassle of having their cards replaced because they were compromised, even if they won't be held responsible for the charges.

“Therefore, these compromises do have a reputational impact on financial institutions -- some consumers will avoid doing business in stores if they fear that their card may be compromised,” Cross said. “Other retailers who have been impacted in this string of attacks have faced significant costs associated with cleanup and lost Relevant Products/Services.”

Improvements Since Target Breach

We also turned to Daniel Ingevaldson, CTO of Web fraud detection firm Easy Solutions, for his thoughts on the possible breach. He told us it appears this new batch of cards are selling for $50 to $100 each, though he said those prices are likely to come down faster than in the past as the window of opportunity to profit from stolen cards has shrunk.

“This has happened because financial institutions have become smarter about dealing with these attacks,” Ingevaldson said. “For example, black market sites used to allow you to 'test' a stolen card, charging a small amount on it before committing to purchase, in order to prove it was a valid card. Since the Target breach, banks have improved their detection methods to look for these kinds of charges -- as an indication of likely potential new fraud -- so these sites no longer offer this service."

What’s more, he said, a growing number of banks are monitoring the black markets themselves, either on their own or through services like those offered by Easy Solutions, as an early warning system for stolen cards.

“We expect we'll continue to see these large scale retail breaches continue, as a result of wide open POS (point-of-sale) devices, combined with the incredible difficulty of discovering a large, sophisticated breach,” Ingevaldson said. “The hope here, though, is that banks and retailers are becoming faster to respond, and are improving their detection methods, thereby shortening the window of opportunity for these criminals, and reducing the exposure and hassle to consumers.”

Tell Us What You Think
Comment:

Name:

Media Propaganda:
Posted: 2014-09-09 @ 2:14am PT
That's what they get for showing that annoying "Barefootin" commercial over and over again. Cramming 5 different races into an unrealistic social scenario will result in your system getting hacked every time.

Brad Hodson:
Posted: 2014-09-04 @ 10:37am PT
So far, Home Depot appears to have learned the lessons from the Target breach by being much more forward with its customers from the get-go.

Of course, there is no reason to alarm customers if you're not sure if there has indeed been a breach. But when you're that big and have reasonable evidence, then this is a great time to make your CRM worth it.

Brad Hodson
JobNimbus

Like Us on FacebookFollow Us on Twitter
MORE IN ENTERPRISE I.T.

NETWORK SECURITY SPOTLIGHT
Ailing Canadian handset maker BlackBerry Ltd. is working to reinvent itself and spending a pretty penny to do it. The company has agreed to buy Good Technology for $425 million in an all-cash deal.

ENTERPRISE HARDWARE SPOTLIGHT
Tech giant Intel has been giving users peeks at its new Skylake CPUs. Now they get the whole picture. This week at IFA 2015, Intel offered attendees much more detail on its sixth-gen Core chips

MOBILE TECHNOLOGY SPOTLIGHT
Ailing Canadian handset maker BlackBerry Ltd. is working to reinvent itself and spending a pretty penny to do it. The company has agreed to buy Good Technology for $425 million in an all-cash deal.

NEWSFACTOR.COM
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.