Home Depot Breach is Officially the Largest Breach on Record
Home Depot today came out with a official report about the massive breach that occurred between April to September 2014. In the PDF report Home Depot said that it was targeted by cyber criminals using a custom build malware. The malware then began leaking data to the hackers and as per the investigations carried out by both Home Depot and the law enforcement agencies, the hackers stole an estimated 56 million debit and credit card numbers of its customers. That disclosure officially makes the incident the largest retail card breach on record.
This record breach has the breaks the previous breaking the previous record of the record for the largest retail card breach went to TJX, which lost some 45.6 million cards. The next in line for making to this unwanted list is Target breach which is supposed to have leaked 40 million debit and credit card number.
The Target breach lasted roughly three weeks, but it exposed some 40 million debit and credit cards because hackers switched on their card-stealing malware during the busiest shopping season of the year.
Krebsonsecurity initially broke the story about the breach on September 2 and Techworm brought the story to you the very next day. and it took Home Depot a week to confirm the breach and stealing of customer debit and credit card information.
The Home Depot Discloure
The Disclosure gives a full account of the massive leak and seeks to assure the Home Depot customers that the malware used in the breach has been eliminated from its U.S. and Canadian store networks. Home Depot, through the disclosure states that,
“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements. The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.”
The Disclosure also said that Home Depot that it has added that it has put in“enhanced payment protection,” which involves new payment security protection “that locks down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers.”
“Home Depot’s new encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms,” the statement continues. “The encryption project was launched in January 2014. The rollout was completed in all U.S. stores on Saturday, September 13, 2014. The rollout to Canadian stores will be completed by early 2015.”
The report goes on to explain the timeline of the events. Home Depot stated that the hackers had been stealing card data from Home Depot’s cash registers up until Sept. 7, 2014, a full five days after news of the breach first broke.