In what is being described as one of the worst ever breaches of customer data, Home Depot, the US DIY supplies chain has announced that over a five month period, beginning in April this year, the details of over 56 million customers may have been exposed, including their credit card details.
The hack was first spotted by KrebsOnSecurity, and later confirmed by anti viral firm Symantec and FishNet Security, both of which were hired by Home Depot to investigate the hack. While all 2,200 Home Depot stores were affected, it’s thought that only self checkout lanes may have been covertly recording customer information. This combined with relatively few (considering the potential number of stolen cards) credit card fraud cases appearing at either Visa or Mastercard, suggests that potentially, the number of stolen cards could be much lower than originally expected.
However, Home Depot and banks are still suggesting that customers potentially affected replace their cards in short order.
The reason the hack went undetected for so long, is because a custom malware that had never been used in similar attacks was used, so spotting it was difficult. To make sure it doesn’t happen again, Home Depot has said that it has comopleted a major upgrade to its payment security systems.
Regardless, some people have announced that they’re suing the chain of stores, with one person citing his reason as the fact that Home Depot took so long to discover the hack and warn customers.
So far the incident has cost Home Depot some $62 million (£38 million), less than half of which is being covered by insurance.
Discuss on our Facebook page, HERE.
KitGuru Says: That’s a lot of cards that are set to be re-issued and another reason to have some form of two factor authentication when using cards off and online.[Thanks Guardian]