Yet another massive credit card breach has followed in the wake of the attack on Target’s customer information. Home Depot revealed that an attack on their own network went undetected for five months, allowing cyber criminals to obtain the credit card information for millions of users. The breach was discovered by the home improvement store early in September. The public did not find out until September 18, when Home Depot released an official statement regarding the investigation details on the breach.
Home Depot CEO Frank Blake stated, “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges.”
Customers are already feeling the aftereffects of the security catastrophe. New York resident Shirley Gaudioso discovered fraudulent charges totaling $618. The Poughkeepsie Journal reports that Gaudioso contacted Home Depot for assistance.
Unfortunately, attacks like the ones on Home Depot and Target aren’t likely to be isolated incidents. These security breaches happen when cybercriminals find retailers with vulnerable systems. They install malware that remains dormant, collecting payment information and funneling this data to overseas servers. Hackers are able to obtain more customer information the longer the malware goes undetected. This malware went undetected for five months, until law enforcement officials and financial institutions contacted Home Depot regarding security breach concerns.
To prevent future attacks, Home Depot is rolling out system encryption and a special Europay MasterCard and Visa (EMV) chip payment system. The New York Times describes how EMV “makes it more difficult for criminals to use stolen account information to make purchases or create counterfeit cards.” Home Depot is working to implement the EMV program by the end of 2014.
Customers affected by the data breach are being offered free credit card monitoring and fraud protection services, a solution that Target also explored after their security breach. Customers who have recently shopped at Home Depot should explore these complementary services to ensure that their payment information is safe.
Sadly, these data breaches may be more widespread than we realize. The only reason why Home Depot was able to report this breach was because they caught the attack. However, it’s possible that other payment systems in the U.S. are affected by undetected malicious software. It is impossible to tell how widespread this issue really is. The Home Depot breach was significantly larger than the Target data breach, demonstrating the potential vulnerability of other retail systems. Following the Target data breach, the Department of Homeland Security warned other retailers about the increased possibility of point of sale malware.
Customers who have recently shopped at Home Depot should keep a careful eye out on their financial records. Contact your credit card company or bank if you believe that a fraudulent charge has been made, and explore the free protection services provided by Home Depot. Hopefully, new encryption and payment processes are able to slow down the volume of attacks against retailers in the future.