The latest victim of Russian hackers specializing in point-of-sale (POS) theft appears to be the venerable do-it-yourself store, Home Depot. The Atlanta-based home improvement retailer told The Associated Press Tuesday that it is working with both, banks and the law enforcement to investigate “unusual activity” that would point to a potential hack attack.
“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers,” said Paula Drake, a spokeswoman at Home Depot, declining to elaborate. She said the retailer would notify customers immediately if its investigations confirm a possible breach.
The tremors of the possible breach of customer data were felt even in the stock markets and shares of Home Depot Inc. fell $1.88, or 2 percent, to close at $91.15.
Hackers have broken security walls for many retailers in recent months, including Target, grocery store chain Supervalu, P.F. Chang’s and the thrift store operations of Goodwill. The rash of breaches has rattled shoppers’ confidence in the security of their personal data and pushed retailers, banks and card companies to increase security by speeding the adoption of microchips into U.S. credit and debit cards.
Supports say chip cards are safer, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer’s register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards are also nearly impossible to copy, experts say.
Hackers probably installed malicious software on Home Depot’s point-of-sale cash registers capable of stealing bank account information, names, card expiration dates and other data, said Trey Ford, global security strategist for Boston-based software security company Rapid7 LLC. The incident is probably another example of hackers relying on so-called Backoff malware, which the Secret Service estimates has been used to target more than 1,000 businesses over the past year.
“This is effectively a keystroke logger,” said Ford, who doesn’t have direct knowledge of the Home Depot attack. “It’s capturing all that stuff that comes in.”
The possible data breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported “evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards.” Krebs added that the data was being sold on the underground forums starting Tuesday.
Krebs reported that it’s not clear how many stores were affected but preliminary analysis indicates the breach may have affected all 2,200 Home Depot stores in the U.S. Several banks that were contacted said they believe the breach may have started in late April or early May.
“If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period,” said the Krebs post.
Krebs said that the party responsible for the breach may be the same group of Russian and Ukrainian hackers suspected in the Target breach late last year. It is noted that Krebs had also broken the news of Target’s breach in December.