Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security

Home Depot Says Breach Affected 56 Million Cards 80

wiredmikey writes: Home Depot said on Thursday that a data breach affecting its stores across the United States and Canada is estimated to have exposed 56 million customer payment cards between April and September 2014. While previous reports speculated that Home Depot had been hit by a variant of the BlackPOS malware that was used against Target Corp., the malware used in the attack against Home Depot had not been seen previously in other attacks. "Criminals used unique, custom-built malware to evade detection," the company said in a statement. The home improvement retail giant also that it has completed a "major payment security project" that provides enhanced encryption of payment card data at point of sale in its U.S. stores. According to a recent report from Trend Micro (PDF), six new pieces of point-of-sale malware have been identified so far in 2014.
This discussion has been archived. No new comments can be posted.

Home Depot Says Breach Affected 56 Million Cards

Comments Filter:
  • Apple Pay? (Score:5, Interesting)

    by gnasher719 ( 869701 ) on Friday September 19, 2014 @08:04AM (#47944517)
    So what would have happened to someone who didn't use their card, but an iPhone 6 with Apple Pay? I take it they would be completely unaffected?
    • exactly, since the merchant never sees the credit card number.

      • well maybe not "completely" unaffected, but the data they got would probably be pretty much useless.

      • by DogDude ( 805747 )
        The merchant doesn't see the credit card number with modern POS systems, either.
        • The merchant doesn't see the credit card number with modern POS systems, either.

          Unless they are hacked, like in Home Depot :-( Point is that the POS system doesn't see the credit card number either.

  • sad (Score:5, Interesting)

    by Charliemopps ( 1157495 ) on Friday September 19, 2014 @08:05AM (#47944525)

    I'm currently on the phone with my bank dealing with this.
    Thanks Home Depot!
    After you're done cleaning up this mess, could you clean up the bolt isle so I can actually find what I'm looking for should I ever decide to return to your store?

    • by Anonymous Coward

      What did they do?

      How did you recognize it?

      Was it a $10,000 charge with no details or did it show up as a $1,457.24 Home Depot purchase? Or what?

    • Well, considering the two of them ran all the small local hardware stores out of business, enjoy shopping at Lowes, instead.

      • Well, considering the two of them ran all the small local hardware stores out of business, enjoy shopping at Lowes, instead.

        There are plenty of small hardware stores around me. Dozens actually... I'm always at the hardware stores. They thrive specially because Home Depot doesn't have everything... They only sell things that are of high profit and easy to sell. If you have an account with them you can order pretty much anything you want and have it ready for pickup in a few days. But stop in for some odds and ends? Good luck. Better luck at the local hardware store.

        I, unfortunately, live blocks from a home depot however... so I'm

        • I have no idea where you might live where there is no only one, but multiple, local hardware stores. I remember when the last non-Bigbox hardware store in the county I grew up in vanished.

          And I don't even like tools.

    • by DogDude ( 805747 )
      That's partially your fault for using a bank. My credit union contacted me last week and already sent me a new card.
    • by gmhowell ( 26755 )

      Try Fastenal. Generally cheaper and a much, much bigger selection. Hours can be a little inconvenient however.

    • The amount of breaches happening these days is crazy..
  • by eclectro ( 227083 ) on Friday September 19, 2014 @08:23AM (#47944629)

    From their website. This is the official Home Depot statement. [homedepot.com]

    Really, this symbolizes the lackadaisical attitude people have when it comes to security - that a breach is not going to happen to them. You'd think after Target major companies like Home Depot would have audited their own security processes.

  • by Anonymous Coward

    Whenever this story pops up, it's always "US and Canadian stores affected..." followed by a bunch of frustrated comments about how the US isn't using chip and pin yet. Well Canada *is* using chip and pin, and I can never find any details about weather or not Canadian customers should actually be worried (unless they had to fallback to the old magstripe stuff, of course), because if chip and pin was breached too then it's not going to do the US a lot of good to upgrade to it. Anyone know the details?

    • My understanding is that with chip + pin you're safer because even if they have your card details they can't use it as readily - however they can still be used in identity theft, etc. While they may be less of a risk than Visa or MC, the Home Depot credit cards used in Canada are all still magstripe.
  • by McGruber ( 1417641 ) on Friday September 19, 2014 @09:14AM (#47945071)

    When I watched Justin Ross Harris' Preliminary Hearing [youtube.com], I was stunned by how little work Home Depot's developers seem to do.

    Harris worked for Home Depot's ".com business" per a quote from the Home Depot Corporate Communications Manager in this CNN article. [cnn.com] The Preliminary Hearing did an amazing job of describing his typical workday: After watching cartoons with his child, then taking him out for breakfast, Harris eventually arrived at his office at about 10 AM. About 90 minutes later, he went out for a long lunch, with a carload of coworkers. After eating, the group stopped at a store to puchase some items. After lunch, Harris is at his desk for a few hours, but then he was out the door at 4 PM, off to watch a movie with some of his coworkers.

    The hearing documented that he put in, at most, about five hours of work. During those five hours, he was IMing women on dating sites and also IMing a couple coworkers about a small startup/consulting business they had.

  • 56 million people shop there? What the hell is wrong with people? Do they only have Home Depot in their community? Their lack of any customer service of any kind, confusing aisles, and inability to carry anything anyone needs makes me wonder why anyone would still shop there.
  • This cat and mouse game will go on indefinitely.

  • It sounds like this sort of thing takes a scale of resources to accomplish that wouldn't be used idly.

    So why are we hearing about a lot of cracks lately that get huge amounts of payment information, but apparently don't lead to massive numbers and dollars of thefts from accounts?

    Is someone testing experimental weapons for a future cyber war that would aim to create enough financial chaos to crash our economy?
    Or conversely, is there a secret government project to deliberately crack corporate financial system

    • by Anrego ( 830717 ) *

      I think it's more that Visa and MasterCard have partially fixed the problem from the other end, by making it harder to actually turn stolen numbers into cash in pocket.

      The whole system is still a farce, but I feel slightly better when I buy something online that is outside my usual spending habits and my card is immediately locked followed by a phone call from VISA.

  • "The retailer left its computers vulnerable by switching off Symantecâ(TM)s Network Threat Protection (NTP) firewall in favor of one packaged with Windows. âoeIt is highly advised and recommended the NTP Firewall component be deployed and that Windows Firewall be discontinued,â the report states."

    See, wasn't that easy?

"Being against torture ought to be sort of a multipartisan thing." -- Karl Lehenbauer, as amended by Jeff Daiell, a Libertarian

Working...