Slashdot Mirror

← Back to Stories (view on slashdot.org)

Home Depot Says Breach Affected 56 Million Cards

Posted by Soulskill on from the going-for-the-high-score dept.

wiredmikey writes: Home Depot said on Thursday that a data breach affecting its stores across the United States and Canada is estimated to have exposed 56 million customer payment cards between April and September 2014. While previous reports speculated that Home Depot had been hit by a variant of the BlackPOS malware that was used against Target Corp., the malware used in the attack against Home Depot had not been seen previously in other attacks. "Criminals used unique, custom-built malware to evade detection," the company said in a statement. The home improvement retail giant also that it has completed a "major payment security project" that provides enhanced encryption of payment card data at point of sale in its U.S. stores. According to a recent report from Trend Micro (PDF), six new pieces of point-of-sale malware have been identified so far in 2014.

6 of 80 comments (clear)

  1. Apple Pay? by gnasher719 · · Score: 4, Interesting

    So what would have happened to someone who didn't use their card, but an iPhone 6 with Apple Pay? I take it they would be completely unaffected?

  2. sad by Charliemopps · · Score: 4, Interesting

    I'm currently on the phone with my bank dealing with this.
    Thanks Home Depot!
    After you're done cleaning up this mess, could you clean up the bolt isle so I can actually find what I'm looking for should I ever decide to return to your store?

  3. Re:Credit cards? by NoNonAlphaCharsHere · · Score: 3, Interesting

    At this point, mag-stripe cards are almost as old-coot-technology as paper money. We can't have nice things (chip & pin) because American industry is too cheap to upgrade infrastructure.

  4. Re:Credit cards? by afidel · · Score: 3, Interesting

    Uh, we're getting chips over the next 12 months, next September is when the liability shifts to the merchant if you have a chip card and they accept it as a swipe so every issuer is going to be sure to have cards out there by then and every large merchant is going to have the ability to use them. The one thing is in the US we're mostly going to be chip and signature, not chip and pin.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  5. Official Home Depot statement by eclectro · · Score: 4, Interesting

    From their website. This is the official Home Depot statement.

    Really, this symbolizes the lackadaisical attitude people have when it comes to security - that a breach is not going to happen to them. You'd think after Target major companies like Home Depot would have audited their own security processes.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  6. Canadians already using chip & pin... by Anonymous Coward · · Score: 2, Interesting

    Whenever this story pops up, it's always "US and Canadian stores affected..." followed by a bunch of frustrated comments about how the US isn't using chip and pin yet. Well Canada *is* using chip and pin, and I can never find any details about weather or not Canadian customers should actually be worried (unless they had to fallback to the old magstripe stuff, of course), because if chip and pin was breached too then it's not going to do the US a lot of good to upgrade to it. Anyone know the details?