Breach at The Home Depot confirmed
Tuesday September 9 2014
US retailer confirms payment data systems suffered breach which could impact customers using cards at US and Canadian stores
While the breach has impacted customers in the retailer’s US and Canadian stores, there seems to be no evidence that details of Mexican customers, or of online customers at the HomeDepot.com store, have been compromised.
In a communication issued on 8 September, the company said it was still working to determine the full scope, scale and impact of the breach, adding that there is no evidence that debit PIN numbers have been compromised.
“Home Depot’s investigation is focused on April forward, and the company has taken aggressive steps to address the malware and protect customer data,” reads the statement, which also announced that the retailer is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on.”
“We apologise for the frustration and anxiety this causes our customers and I want to thank them for their patience and support as we work through this issue,” said outgoing Frank Blake, chairman and CEO. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasise that no customers will be responsible for fraudulent charges to their accounts.”
It’s understood the retailer started investigations on 2 September, after the company received reports from its banking partners and law enforcement that criminals may have hacked its payment data systems.
Since then, the company’s internal IT security team has been working with leading IT security firms, its banking partners and the Secret Service to get to the bottom of the situation.
Chip and PIN
As per comments made by Blake on an investor call last week
, The Home Depot has confirmed it will roll out EMV “Chip and PIN” to all US stores by the end of this year, reminding the industry that this would be in advance of the October 2015 deadline established by the payments industry.
Tagged as: Home Depot | breach | security | fraud | credit card | PoS | theft | loss | compliance | chip & PIN | ePoS | PCI DSS | encryption | Alert Logic | NCC Group | Lancope | Zscaler Labz |