Home Depot has confirmed the extent of its data breach this week, and the results aren't pretty...an estimated 56 million payment cards are predicted to have been compromised in the breach. This beats out the previous holder of the record - T.J. Maxx with an estimated 45.6 million compromised payment cards.
The investigation has shown that the self-checkout terminals in Home Depot stores were affected by malware, but the payment card readers in regular checkout lanes were not affected. If both had been compromised, this breach could have been much worse.
Home Depot has confirmed that the malware has been removed from its systems, and stated that they completed a major security project to encrypt the data at its sales terminals. They will also offer identity protection to those users who have been affected by the data breach.
Personally, I know of two credit cards that were used at Home Depot stores multiple times during the months identified - April through September. I have not received any notifications from Home Depot nor my credit card companies regarding this incident. Home Depot offers electronic receipts that are tied to the credit card that you use, so I know that they have a way of contacting me.
The worst part about this breach is that Home Depot could have potentially avoided these attacks by turning on a security feature that was already installed. Symantec offers an intrusion prevention feature in its software called Endpoint Protection, which was not enabled on Home Depot's systems. Security consultants hired by the company also recommended using an upgraded firewall, rather than the one provided with Windows. Neither of these recommendations were implemented by the company.
The data breach itself is expected to cost the company around $62 million; $27 million of which will be covered by insurance. Only the future will tell if this data breach affects the company's sales, especially given how much Target's sales were affected by it's data breach last year.
Wow! Great information about the Home Depot breach.
ReplyDeleteDuane K. - CIS 608