Yesterday, Home Depot announced that the April breach that went undetected for five months may have affected 56 million credit and debit cards. This makes the Home Depot incident even larger than last year’s Target debacle, which compromised 40 million cards.
Brian Krebs alerted Home Depot to the possible problem on September 2, and the company confirmed his reports publicly on September 8. Since then, Home Depot has outfitted its point of sales systems with full encryption capabilities, a project which began in January but was not completed until this week.
Home Depot, like other retailers, is also in the midst of transitioning to EMV technology in order to meet the October 2015 PCI deadline. The retailer has been slow to change systems, because it estimates that such a transition will require employees to write tens of thousands of lines of code and install 85,000 new pin pads in its various store locations.
Security experts have criticized Home Depot for being slow to update its systems and also for failing to scan its software after the Secret Service and Department of Homeland Security warned businesses that they might have been exposed to malware.
“We apologize for the frustration and inconvenience this breach may have caused,” Home Depot told customers on its website. “We also want to emphasize that you will not be liable for any fraudulent charges to your accounts, and we’re offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on.”
Home Depot estimates that the cost of the security breach will be $62 million.
Update your company’s point of sale computer systems to avoid the unneeded mess that data breaches create.