This week it was confirmed that DIY store Home Depot’s payments systems were hacked, which could potentially affect millions of shoppers. Not only is this a PR catastrophe for the company, but it could turn out to be the biggest information breach in history. Home Depot has over 2,000 stores both in the US and Canada, however the company has not yet confirmed how many shoppers’ personal data has been affected.
The scandal was first revealed by a cyber security website, reporting a possible hack of Home Depot’s data, which had targeted credit and debit cards that were used on malware register machines. The same website also revealed that a number of banks saw a rise in fraudulent ATM withdrawals on Home Depot’s customers’ accounts since the hack occurred, back in April 2014.
Mr Krebs wrote: “the zip code data is important because it allows the bad guys to quickly and more accurately locate the social security number and data or birth of cardholders using criminal services in the underground that sell this information”. Once thieves have this key piece of information, they can call the bank systems’ automated call centres and change the PIN codes on cards.
This is not the first case of a retailer suffering an information breach. The same incident occurred in Target’s US stores, when a new malicious software program, called BlackPOS, stole data from up to 40 millions credit and debit cards. This left the personal information of up to 70 millions customers potentially exposed when these were used in infected registers running Windows.
Security experts say the main reason behind these hacks is the use in the US of weak payment systems that are more vulnerable to card hacks. This payment system relies on machines and registers that use a scanning mechanism of the magnetic stripe on the back of cards, giving cyber thieves an excellent opportunity to strike by infiltrating the registers.
Home Depot’s Chairman and CEO Frank Blake said, “we apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue”.
The DIY store has announced they will, from the end of this present year, begin to use new payment methods such as chip-and-pin and chip-and-sign. Home depot announced in August that Blake would step down as CEO to be replaced by Craig Menear, president of the company’s U.S. retail operations.