Home Depot, the largest home improvement retailer, has announced that 56 million credit card numbers have been compromised. In what is now known to be the biggest security breach in corporate history, Home Depot has been the target of an attack that lasted from April to September 2014.
Home Depot managed to beat the previous record, held by Target with 40 million compromised credit cards. As a result of Target’s security breach, the company laid off its CIO. Chairman, President and CEO Gregg Steinhafel then announced his resignation as a result of the security breach and previous unfortunate events, like losing $941 millions in a failed Canadian expansion.
September 2nd: the same man that announced Target’s breach, Brian Krebs, announces a new security breach. This time on Home Depot. The same day, Home Depot starts digging through its POS systems and on the September 8th announces that indeed, a breach has happened.
Krebs reports that the same group of Russian and Ukrainian hackers that managed to steal Target’s data were responsible for the hack. The same day a new batch of credit cards shows up online. The batch’s code name: European Sanctions.
16 days later, Home Depot announced that it managed to clear all infected systems and has “has completed a major payment security project that provides enhanced encryption of payment data at point of sale”.
The company worked with security firms, banking partners and the Secret Service to find out as much as possible about the breach. Results show that hackers used custom built, never before seen malware. This was not the work of some isolated hackers group, acting on its own. A very well organized attack has been put in motion.
Home Depot has worked with banks to provide customer support to those in need. A small local bank, Dollar Bank, as well as larger banks such as JP Morgan Chase and Capital One, have started replacing credit cards.
Although Home Depot has not been hit by the market just as heavily as Target, one can still feel the tension looming over the retailer’s security actions. Consumers are more careful in how they use their credit cards and banks have jumped on board the Apple Pay system, which promises better security.
Is there a cyber war out there?
The fact that the same group of hackers seem to have been involved in attacking Target, as well as Home Depot points to a maybe. But then you have the Secret Service involved. You have an ex-Homeland Security contractor acting as CIO with Target. You have the FBI investigating whether Russia is behind the recent JP Morgan Chase cyber attack.
But most of all – you have Edward Snowden, defected to Russia with a few gigs of classified information on US cyber intelligence actions. Some of those actions may have included packing backdoors and security flaws into US digital infrastructure. Too bad.
Yes, there there probably is a cyber war going on and the US and Europe are extremely exposed. Retailers should pay a lot more attention to their security backbones and check each potential backdoor, should they not want to suffer the same unfortunate events Home Depot, Target and others have faced.