Home Depot Gives 56 Million Customers a Heads Up

By Jack M. Germain 09/19/14 2:58 PM PT

Home Depot on Thursday said it had excised the malware demon from its computerized payment system after its recent discovery of a security breach in which thieves stole records of 56 million credit cards.

Home Depot stopped short of admitting that an ongoing security upgrade may have contributed to the breach. Efforts to harden the system with enhanced encryption and new technology will not be completed in some areas until early next year.

Cybercriminals used a custom-built malware attack to evade detection for at least five months -- from April to September -- the company said.

The malware had not been seen in other attacks, according to Home Depot's security partners.

The hackers' method of entry is now closed, the company emphasized. Any terminals identified with the malware were taken out of service, and security enhancements were put in place.

"Customers should carefully monitor their statements and take advantage of the free ID protection and credit monitoring we are offering," Paula Drake, a Home Depot spokesperson, told the E-Commerce Times.

Despite the measures taken, Home Depot and its customers could face future consequences from the breach. There is no evidence that debit card PINs were compromised, or that the breach impacted stores in Mexico or customers who shopped online at HomeDepot.com or HomeDepot.ca.

"We don't know if email addresses have been stolen, said Stu Sjouwerman, CEO of KnowBe4. "Probably not. So consumers are probably just dealing with the standard compromised credit card accounts."

This malware attack was a very specific software vulnerability. Once it is plugged, you are OK, he told the E-Commerce Times.

Originally posted here:
Home Depot Gives 56 Million Customers a Heads Up