Sophos Cloud Optix
Home Depot has responded to reports that it has suffered a credit card breach.
Yesterday, Brian Krebs reported that two “massive” new batches of stolen credit and debit cards had been put up for sale on the ‘Rescator’ cybercrime forum.
Krebs claims that multiple banks say they are seeing evidence that Home Depot stores may well be the source of this breach, although this is currently unconfirmed.
Paula Drake, spokesperson for Home Depot, did confirm that the company is investigating:
[W]e are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate...
Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.
Home Depot has 2200 stores across the US, Canada and Mexico. It’s believed that the potential breach may extend as far back as late April this year.
Of course, Home Depot is just the latest in a long line of retail breaches. Supervalu, Neimann Marcus, The UPS Store and Target have all suffered breaches in the last year.
We will update Naked Security as the story develops.
In the mean time, if you have used your credit card at Home Depot it’s worth keeping an eye on your account in case of any suspicious activity. If you see something you are not expecting, contact your bank immediately.
we seem to be seeing a lot of these lately, are companies taking these breaches seriously and strengthening their systems or just ignoring it, hoping they will be missed? Frankly, this is getting stupid, it’s becoming, “The breach of the week.” I would think by now companies should be reviewing there systems and policies for problems realizing that anyone can be a target. As a customer, we [should] expect they do everything they can to protect our information stored on their systems, but, I am not getting that warm and fuzzy feeling. Have we reached a point where it is safer to just cancel all the cards and cut them up? That’s not really a bad thing?
We are rapidly heading back to just using cash for everything. Is this because we don’t use chipped credit cards here as they do in Europe, Canada and other countries or are our stores just less careful with idiots running their IT security?
Maybe idiots running the company won’t pay for the changes being recommended by the CIO running IT Security?
I think the issue is not just in the US or UK. In France our cards do have a chip. Of course it is more difficult to hack these cards, but it is still possible. I think the issue is mostly on the way up because we just more and more rely on credit cards for everything. Statistically speaking the risk is then higher. If you add the fact that Companies’ CEOs and boards of directors are mostly MBAs & accounts and not ITs, it is not surprising to witness this.
> Have we reached a point where it is safer to just cancel all the cards and cut them up?
But I like getting a new shiny replacement card every two weeks!
Information Security is wseen as a road block to doing business and sales income. Many more to come.