Was Home Depot’s Data Breach Even Preventable?
Home Depot’s recent revelation that it suffered a data breach might have come too late for you to do much but check your credit card statements — the company may have first suffered the loss as far back as April. Still, it probably wouldn’t hurt to check. Around 40 million credit cards could be at risk across the more than 2,000 Home Depots in the United States and Canada, reported Time Warner Cable News.
Reg Harnish, founder of GreyCastle Security, warned credit card users not to downplay the importance of not only this data breach, but others that may have already occurred that we’re not yet aware of.
“Everyone’s vulnerable, every organization is vulnerable. If you have a bank account you’re probably a target… It might be [as little as] pennies for your card… It’s not clear what information was compromised yet,… [but] I promise you that’ you’ve shopped at stores that have been victimized.”
As previously mentioned, Home Depot’s data breach probably occurred earlier this year in April. This was the same month that Home Depot finally signed a contract with a security provider to implement precautions. Currently, Home Depot has the security measures up and running in only about a quarter of its stores. A recent article about Home Depot’s data breach in The Wall Street Journal suggested that the lack of urgency major retailers have for implementing their systems may be their downfall.
“The answer goes beyond Home Depot and in part is cultural, security analysts said. Retailers have embraced the Internet, but haven’t fully come to grips with its speed or sense of urgency. Hackers move quickly to exploit flaws—unlike the decision-making and drawn-out testing procedures that corporations use when making big changes to store systems.”
But that’s not to put Home Depot completely at fault for the data breach. An unnamed source familiar with Home Depot’s security network commented that cybercriminals are often far ahead of security experts.
“You are always responding. You never can catch up to where they are.”
Techniques employed in the Home Depot data breach are similar to those used in the Target data breach scandal earlier this year — signs that WSJ explains as difficult to spot without knowledge that data has already been compromised.
“The payment systems at many retailers encrypt payment card data after it leaves a swipe pad. But computer security and law enforcement experts say there is a flaw: The data is generally vulnerable in the brief moment it passes into the system’s memory after the card is swiped. Hackers over the past few years have perfected software that lurks on card readers to grab the data, collects it in files hidden on a retailer’s network and then ships it out to a gang of waiting cybercriminals.”
[Image via Facebook]
