Home Depot 2014 BlackPOS Breach

Jacqueline von Ogden
by Jacqueline von Ogden
September 18, 2014
Table of Contents
Table of Contents
According to an updated AP news brief, the management of Home Depot (NYSE: HD) has acknowledged the PCI security breach in its U.S. and Canadian stores. Home Depot holds a major presence in the home improvement retail market with a total of over 2,260 stores located in the United States and a total of 287 retail stores in Canada and Mexico.

To date, there is no evidence that any online HomeDepot.com shoppers or customers making purchases at Home Depot stores located in Mexico were affected. Thus far, the Atlanta-based retailer has not released information that any debit card PINs or user data were not affected. Customers seeking additional information are encouraged to call a toll-free number at 1-800-466-3337.

The company joins the ranks as one of the latest payment card industry victims dealing with large-scale point-of-sale (POS) cyber information security attacks.

 

Management Reassures Customers

In a statement posted on the Home Depot corporate website, the management expresses its concern and assures customers that they will not be held responsible for any fraudulent activity affecting their credit card accounts. The retail giant is also extending an offer that includes complimentary identity protection services along with credit monitoring to all customers who shopped at Home Depot during the incident.

Customers will find a link on the Home Depot corporate site with information about identity protection and signup procedures for the free identity protection services [1].

Given the questions being raised by consumers with pending legal allegations stating that Home Depot's security measures were lacking and inadequate, two state Senators have stepped forward. On behalf of consumers, they have sent a letter to the FTC calling for an immediate investigation of security practices currently in place at Home Depot. The Senators also said that it is unacceptable for Home Depot to still be in a position where they are not able to completely shut down the cybersecurity breach.

When Home Depot management was asked to comment on the concerns raised by the two Senators, the company didn't immediately respond [2].

 

Record Breaking Breaches

This appears to be one of the largest breaches in history, possibly even larger than the Target breach from late last year. The malware known as BlackPOS is again responsible in this case as well [3]. It will be interesting to learn more details about this breach as the story unfolds.

 FIM for PCI 3 easy steps

References:

[1]https://ir.homedepot.com/news-releases/2014/09-08-2014-014517970

[2] http://www.pcworld.com/article/2604940/senators-call-for-investigation-o...

[3] http://krebsonsecurity.com/2014/09/home-depot-hit-by-same-malware-as-tar...
Tags:
Cybersecurity Compliance
Jacqueline von Ogden
Post by Jacqueline von Ogden
September 18, 2014
Since 1999, Jacqueline has written for corporate communications, MarCom agencies, higher education, and worked within the pharmacy, steel and retail industries. Since joining the tech industry, she has found her "home".
Follow me on LinkedIn

About Cimcor

Cimcor’s File Integrity Monitoring solution, CimTrak, helps enterprise IT and security teams secure critical assets and simplify compliance. Easily identify, prohibit, and remediate unknown or unauthorized changes in real-time

Compliance Module
MEET COMPLIANCE REQUIREMENTS WITH CIMTRAK

Simplify Compliance Needs & Stay Compliant

Get the Brief

Related Blog Posts

  • Jacqueline von Ogden
    |
     
  • May 8, 2014
Michael's Breach Made Possible with POS Malware

2 min read

  • Jacqueline von Ogden
    |
     
  • February 6, 2014
Retailer Neiman Marcus Breached in 2013

1 min read

The Real Price Tag of Retail Store Data Breaches
  • Jacqueline von Ogden
    |
     
  • October 4, 2016
The Real Price Tag of Retail Store Data Breaches

4 min read