Home Depot Says Breach Affected 56 Million Cards 80
wiredmikey writes: Home Depot said on Thursday that a data breach affecting its stores across the United States and Canada is estimated to have exposed 56 million customer payment cards between April and September 2014. While previous reports speculated that Home Depot had been hit by a variant of the BlackPOS malware that was used against Target Corp., the malware used in the attack against Home Depot had not been seen previously in other attacks. "Criminals used unique, custom-built malware to evade detection," the company said in a statement. The home improvement retail giant also that it has completed a "major payment security project" that provides enhanced encryption of payment card data at point of sale in its U.S. stores. According to a recent report from Trend Micro (PDF), six new pieces of point-of-sale malware have been identified so far in 2014.
Re:Credit cards? (Score:4, Interesting)
Re:Credit cards? (Score:4, Interesting)
Uh, we're getting chips over the next 12 months, next September is when the liability shifts to the merchant if you have a chip card and they accept it as a swipe so every issuer is going to be sure to have cards out there by then and every large merchant is going to have the ability to use them. The one thing is in the US we're mostly going to be chip and signature, not chip and pin.
Re: (Score:1)
Thank you Judge Death for your insightful contribution to this article.
Re: (Score:1)
Re: (Score:2)
Harvest their organs for the long organ donor list and they'll have contributed to society for once in their now terminated life.
Certain intelligent people have already explored [wikipedia.org] where that idea ends up.
Executive summary: you better never get caught jaywalking, because there are dozens of people who think they have a claim on your vital organs thay you do.
Re: (Score:1)
Re: (Score:2)
Sure, if we straight up execute people for stealing credit cards then credit card theft would probably go away.
But then the same can be said about every crime, and personally even as a generally law abiding person, I don't think I want to live in a world where any crime means death by catapult or exile to the acid mines.
Re: (Score:2)
So, all these folks who are saying "low-life criminals are the problem, and we need to stop them by whatever means necessary" shouldn't be calling for harsher penalties, but more pervasive surveillance (because the important factor is how likely you are to be caught, not how severe the punishment is).
Yeah, I'm sure they'll get right on that.
Re: (Score:2)
So of course the banks will charge extortionate rates for said card swipe terminals.
But nothing really prevents the really big merchants from telling the bank to stuff their machine. So I'd expect that might see the first use of chip a
Re: (Score:2)
The funny thing is that the other day I took one of the cats into the vet for an exam, and when I went to pay I found that they had a chip card reader, and it worked the way it was supposed to. My the first chip-card transaction in the U.S., and it was at a small mom-and-pop.
I should note that for many months, Home Depot has had chip card readers at their POS terminals, but they are not yet active.
Re: (Score:2)
Re: (Score:3, Insightful)
All the old coots who are still using paper money are laughing at the cashless whipper snappers who shopped at the home depot. Until EMV is accepted everywhere, use cash if you can. Do not use a debit card! Credit card data breaches of major retailers are now widespread.
Re: (Score:2)
RFID cards have proven to be easy to compromise.
I've not seen an RFID card. Do you have a link? Or did you mean EMV?
Re: (Score:2)
I'm fine with the chip; that protects me, the bank, and the retailer. I am NOT fine with the PIN. My signature can't be stolen; if someone steals my card, the signature on the sales slip proves it's not me. But if someone steals your PIN they have your every penny.
It happened to me with a debit card. I welcome the chip, but of they add a PIN I'll cancel all my cards and go back to cash and checks, even though they're nowhere as convenient.
Re: (Score:3)
I was just informed my DEBIT card is on the list, and it's going to cost me $25 to have it replaced.
The least those assholes at THD could do would be to pay for that.
Re: (Score:2)
Re: (Score:2)
It is a credit union. It's the fact that it's a debit card that they are charging me.
Re: (Score:2)
Re: (Score:2)
And it's one reason why I never ever use my debit card like it was a credit card. Debit cards just don't have the protections that credit cards do.
Re: (Score:1)
Apple Pay? (Score:5, Interesting)
Re: (Score:3)
exactly, since the merchant never sees the credit card number.
Re: (Score:2)
well maybe not "completely" unaffected, but the data they got would probably be pretty much useless.
Re: (Score:2)
Re: (Score:3)
The merchant doesn't see the credit card number with modern POS systems, either.
Unless they are hacked, like in Home Depot :-( Point is that the POS system doesn't see the credit card number either.
Re: (Score:3)
Great -- now the hackers that got my credit / debit card numbers could, instead, get my PayPal info! We all know how nice PayPal is to customers when their accounts are compromised!
Re: (Score:2)
Great -- now the hackers that got my credit / debit card numbers could, instead, get my PayPal info! We all know how nice PayPal is to customers when their accounts are compromised!
Excuse me - Apple Pay. Not PayPal. Unless you lived under a stone for the last two weeks I would have expected that you've heard of Apple Pay.
sad (Score:5, Interesting)
I'm currently on the phone with my bank dealing with this.
Thanks Home Depot!
After you're done cleaning up this mess, could you clean up the bolt isle so I can actually find what I'm looking for should I ever decide to return to your store?
More details: (Score:1)
What did they do?
How did you recognize it?
Was it a $10,000 charge with no details or did it show up as a $1,457.24 Home Depot purchase? Or what?
Re: (Score:3)
Well, considering the two of them ran all the small local hardware stores out of business, enjoy shopping at Lowes, instead.
Re: (Score:3)
Well, considering the two of them ran all the small local hardware stores out of business, enjoy shopping at Lowes, instead.
There are plenty of small hardware stores around me. Dozens actually... I'm always at the hardware stores. They thrive specially because Home Depot doesn't have everything... They only sell things that are of high profit and easy to sell. If you have an account with them you can order pretty much anything you want and have it ready for pickup in a few days. But stop in for some odds and ends? Good luck. Better luck at the local hardware store.
I, unfortunately, live blocks from a home depot however... so I'm
Re: (Score:2)
I have no idea where you might live where there is no only one, but multiple, local hardware stores. I remember when the last non-Bigbox hardware store in the county I grew up in vanished.
And I don't even like tools.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Try Fastenal. Generally cheaper and a much, much bigger selection. Hours can be a little inconvenient however.
Re: (Score:1)
Re: (Score:2)
Obviously varies a lot by location, but I've found the Home Depot here to be one of the best as far as having people in departments that know their stuff. Spend a few minutes looking perplexed while staring at an isle and someone will ask if they can help. Last time I was there the guy in the plumbing department was ridiculously helpful.
And we have Chip & Pin here (Canada).
Re: (Score:2)
every home depot in my city is basically 1 staff at each entrance and exit
30 check out lanes all closed, 4 self check out lanes guarded by one person who's too busy texting to do anything useful
i'm glad home depot went to shit in my city before the data breach i used to shop their but since they turned into big self service wear houses i haven't been back.
Official Home Depot statement (Score:5, Interesting)
From their website. This is the official Home Depot statement. [homedepot.com]
Really, this symbolizes the lackadaisical attitude people have when it comes to security - that a breach is not going to happen to them. You'd think after Target major companies like Home Depot would have audited their own security processes.
Re: (Score:2)
I am pretty sure there will be many more and bigger ones. :(
Canadians already using chip & pin... (Score:2, Interesting)
Whenever this story pops up, it's always "US and Canadian stores affected..." followed by a bunch of frustrated comments about how the US isn't using chip and pin yet. Well Canada *is* using chip and pin, and I can never find any details about weather or not Canadian customers should actually be worried (unless they had to fallback to the old magstripe stuff, of course), because if chip and pin was breached too then it's not going to do the US a lot of good to upgrade to it. Anyone know the details?
Re: (Score:2)
Court Testimony described HD's developers workdays (Score:3)
When I watched Justin Ross Harris' Preliminary Hearing [youtube.com], I was stunned by how little work Home Depot's developers seem to do.
Harris worked for Home Depot's ".com business" per a quote from the Home Depot Corporate Communications Manager in this CNN article. [cnn.com] The Preliminary Hearing did an amazing job of describing his typical workday: After watching cartoons with his child, then taking him out for breakfast, Harris eventually arrived at his office at about 10 AM. About 90 minutes later, he went out for a long lunch, with a carload of coworkers. After eating, the group stopped at a store to puchase some items. After lunch, Harris is at his desk for a few hours, but then he was out the door at 4 PM, off to watch a movie with some of his coworkers.
The hearing documented that he put in, at most, about five hours of work. During those five hours, he was IMing women on dating sites and also IMing a couple coworkers about a small startup/consulting business they had.
the real story (Score:1)
So much for the cashless society (Score:2)
This cat and mouse game will go on indefinitely.
Paranoia? (Score:2)
It sounds like this sort of thing takes a scale of resources to accomplish that wouldn't be used idly.
So why are we hearing about a lot of cracks lately that get huge amounts of payment information, but apparently don't lead to massive numbers and dollars of thefts from accounts?
Is someone testing experimental weapons for a future cyber war that would aim to create enough financial chaos to crash our economy?
Or conversely, is there a secret government project to deliberately crack corporate financial system
Re: (Score:2)
I think it's more that Visa and MasterCard have partially fixed the problem from the other end, by making it harder to actually turn stolen numbers into cash in pocket.
The whole system is still a farce, but I feel slightly better when I buy something online that is outside my usual spending habits and my card is immediately locked followed by a phone call from VISA.
Re: (Score:2)
And the reason is obvious, people don't care.
How much money is Home Depot really gonna lose in this case? Maybe some liability? Probably cheaper to accept the risk than spend money on preventative measures which still might not be enough.
But surely people will be angry and vow to never shop there again? Nope. While it's in the news, sure, but people forget quickly. Remember how big the Sony/PSN thing was. I know people who swore they'd never do business with Sony ever again who currently own a PS4. As a who
It Was Windows Fault (Score:1)
"The retailer left its computers vulnerable by switching off Symantecâ(TM)s Network Threat Protection (NTP) firewall in favor of one packaged with Windows. âoeIt is highly advised and recommended the NTP Firewall component be deployed and that Windows Firewall be discontinued,â the report states."
See, wasn't that easy?