Slashdot Mirror

← Back to Stories (view on slashdot.org)

Home Depot Says Breach Affected 56 Million Cards

Posted by Soulskill on from the going-for-the-high-score dept.

wiredmikey writes: Home Depot said on Thursday that a data breach affecting its stores across the United States and Canada is estimated to have exposed 56 million customer payment cards between April and September 2014. While previous reports speculated that Home Depot had been hit by a variant of the BlackPOS malware that was used against Target Corp., the malware used in the attack against Home Depot had not been seen previously in other attacks. "Criminals used unique, custom-built malware to evade detection," the company said in a statement. The home improvement retail giant also that it has completed a "major payment security project" that provides enhanced encryption of payment card data at point of sale in its U.S. stores. According to a recent report from Trend Micro (PDF), six new pieces of point-of-sale malware have been identified so far in 2014.

14 of 80 comments (clear)

  1. Apple Pay? by gnasher719 · · Score: 4, Interesting

    So what would have happened to someone who didn't use their card, but an iPhone 6 with Apple Pay? I take it they would be completely unaffected?

    1. Re:Apple Pay? by master_kaos · · Score: 2

      exactly, since the merchant never sees the credit card number.

    2. Re:Apple Pay? by michrech · · Score: 2

      Great -- now the hackers that got my credit / debit card numbers could, instead, get my PayPal info! We all know how nice PayPal is to customers when their accounts are compromised!

      --
      bork bork bork!
    3. Re:Apple Pay? by gnasher719 · · Score: 2

      The merchant doesn't see the credit card number with modern POS systems, either.

      Unless they are hacked, like in Home Depot :-( Point is that the POS system doesn't see the credit card number either.

  2. sad by Charliemopps · · Score: 4, Interesting

    I'm currently on the phone with my bank dealing with this.
    Thanks Home Depot!
    After you're done cleaning up this mess, could you clean up the bolt isle so I can actually find what I'm looking for should I ever decide to return to your store?

    1. Re:sad by i+kan+reed · · Score: 2

      Well, considering the two of them ran all the small local hardware stores out of business, enjoy shopping at Lowes, instead.

    2. Re:sad by Charliemopps · · Score: 2

      Well, considering the two of them ran all the small local hardware stores out of business, enjoy shopping at Lowes, instead.

      There are plenty of small hardware stores around me. Dozens actually... I'm always at the hardware stores. They thrive specially because Home Depot doesn't have everything... They only sell things that are of high profit and easy to sell. If you have an account with them you can order pretty much anything you want and have it ready for pickup in a few days. But stop in for some odds and ends? Good luck. Better luck at the local hardware store.

      I, unfortunately, live blocks from a home depot however... so I'm on occasion lured by convenience.

  3. Re:Credit cards? by NoNonAlphaCharsHere · · Score: 3, Interesting

    At this point, mag-stripe cards are almost as old-coot-technology as paper money. We can't have nice things (chip & pin) because American industry is too cheap to upgrade infrastructure.

  4. Re:Credit cards? by afidel · · Score: 3, Interesting

    Uh, we're getting chips over the next 12 months, next September is when the liability shifts to the merchant if you have a chip card and they accept it as a swipe so every issuer is going to be sure to have cards out there by then and every large merchant is going to have the ability to use them. The one thing is in the US we're mostly going to be chip and signature, not chip and pin.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  5. Official Home Depot statement by eclectro · · Score: 4, Interesting

    From their website. This is the official Home Depot statement.

    Really, this symbolizes the lackadaisical attitude people have when it comes to security - that a breach is not going to happen to them. You'd think after Target major companies like Home Depot would have audited their own security processes.

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  6. Re:Credit cards? by Cpt_Kirks · · Score: 2

    I was just informed my DEBIT card is on the list, and it's going to cost me $25 to have it replaced.

    The least those assholes at THD could do would be to pay for that.

  7. Re:Credit cards? by Anonymous Coward · · Score: 3, Insightful

    All the old coots who are still using paper money are laughing at the cashless whipper snappers who shopped at the home depot. Until EMV is accepted everywhere, use cash if you can. Do not use a debit card! Credit card data breaches of major retailers are now widespread.

  8. Canadians already using chip & pin... by Anonymous Coward · · Score: 2, Interesting

    Whenever this story pops up, it's always "US and Canadian stores affected..." followed by a bunch of frustrated comments about how the US isn't using chip and pin yet. Well Canada *is* using chip and pin, and I can never find any details about weather or not Canadian customers should actually be worried (unless they had to fallback to the old magstripe stuff, of course), because if chip and pin was breached too then it's not going to do the US a lot of good to upgrade to it. Anyone know the details?

  9. Court Testimony described HD's developers workdays by McGruber · · Score: 2

    When I watched Justin Ross Harris' Preliminary Hearing, I was stunned by how little work Home Depot's developers seem to do.

    Harris worked for Home Depot's ".com business" per a quote from the Home Depot Corporate Communications Manager in this CNN article. The Preliminary Hearing did an amazing job of describing his typical workday: After watching cartoons with his child, then taking him out for breakfast, Harris eventually arrived at his office at about 10 AM. About 90 minutes later, he went out for a long lunch, with a carload of coworkers. After eating, the group stopped at a store to puchase some items. After lunch, Harris is at his desk for a few hours, but then he was out the door at 4 PM, off to watch a movie with some of his coworkers.

    The hearing documented that he put in, at most, about five hours of work. During those five hours, he was IMing women on dating sites and also IMing a couple coworkers about a small startup/consulting business they had.