Yesterday, Home Depot officially confirmed that it suffered a significant security breach. KrebsOnSecurity, an online IT security blog, first reported the attack a week ago after noticing a number of stolen cards that could be traced back to various Home Depot locations.
This may be the largest breach in history, possibly affecting 1,977 stores in the U.S. and compromising upwards of 60 million credit card numbers. In comparison, last year’s Target breach affected 400 fewer stores and 40 million cardholders.
Customers in Georgia filed a class-action lawsuit against Home Depot last week for failure to adequately protect consumers from theft, as well as failure to notify consumers of a possible breach in a timely manner. Security expert Eric W. Cowperthwaite told The New York Times, “This is not how you handle a significant security breach, nor will it provide any sort of confidence that Home Depot can solve the problem going forward.”
Home Depot is offering free credit-monitoring and identity protection services to its customers who shopped at the affected stores, but it may be a case of too little, too late, as customers begin to view the company with distrust.
It appears that the Home Depot systems were infected with a form of “BlackPOS” (a.k.a. “Kaptoxa”), a strain of malware built to funnel card information away from the store when a card is swiped. BlackPOS was also discovered on Target computers, and cards stolen in the Target breach were found on the same black market website that is selling the card information of Home Depot customers. These notable similarities lead experts to believe that the same perpetrators behind the December 2013 Target attack are also behind the Home Depot breach.
Be sure to protect your business by installing cutting-edge, reliable point-of-sale retail software.