Home Depot Confirms Theft of 56M Credit, Debit Cards

Home improvement giant Home Depot on Thursday confirmed that a data breach put about 56 million customer credit and debit cards at risk. That makes the breach, as some predicted, bigger than the Target incident that rocked the retail world.

Criminals used custom-built malware to evade detection -- malware that had not previously been seen in other attacks. Home Depot has since eliminated the malware from its U.S. and Canadian networks and completed a payment security project that offers stronger data encryption called EUchip and pinEU technology.

EUWe apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,EU said Frank Blake, Chairman and CEO of Home Depot. EUFrom the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.EU

A Consistent Strategy

We caught up with Eric Cowperthwaite, Vice President of Advanced Security & Strategy at network security firm Core Security, to get his thoughts on the latest news from Home Depot. He told us everything that we have suspected about this breach has been confirmed.

EUIt is the largest retail breach of credit cards. Home Depot was breached for over five months without knowing it,EU Cowperthwaite said. EUThe bad guys did use the exact same attack methods against Home Depot as was used against Target. And the fact that it was never before seen malware is little consolation, in my mind.EU

By comparison, the Target data breach compromised 40 million credit and debit cards in transactions that occurred from Nov. 27 to Dec. 15 last year and cost shareholders $148 million.

As Cowperthwaite sees it, the reality is that the way companies and government organizations are being breached is consistent: Attackers find unprotected, easily compromised ways into...

Comments are closed.

Home Depot Confirms Theft of 56M Credit, Debit Cards

Home improvement giant Home Depot on Thursday confirmed that a data breach put about 56 million customer credit and debit cards at risk. That makes the breach, as some predicted, bigger than the Target incident that rocked the retail world.

Criminals used custom-built malware to evade detection -- malware that had not previously been seen in other attacks. Home Depot has since eliminated the malware from its U.S. and Canadian networks and completed a payment security project that offers stronger data encryption called EUchip and pinEU technology.

EUWe apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,EU said Frank Blake, Chairman and CEO of Home Depot. EUFrom the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.EU

A Consistent Strategy

We caught up with Eric Cowperthwaite, Vice President of Advanced Security & Strategy at network security firm Core Security, to get his thoughts on the latest news from Home Depot. He told us everything that we have suspected about this breach has been confirmed.

EUIt is the largest retail breach of credit cards. Home Depot was breached for over five months without knowing it,EU Cowperthwaite said. EUThe bad guys did use the exact same attack methods against Home Depot as was used against Target. And the fact that it was never before seen malware is little consolation, in my mind.EU

By comparison, the Target data breach compromised 40 million credit and debit cards in transactions that occurred from Nov. 27 to Dec. 15 last year and cost shareholders $148 million.

As Cowperthwaite sees it, the reality is that the way companies and government organizations are being breached is consistent: Attackers find unprotected, easily compromised ways into...

Comments are closed.