Home Depot said it is investigating “some unusual activity” on its networks and working with “banking partners and law enforcement,” after security blogger Brian Krebs named the company as a common thread connecting a trove of stolen credit card accounts that have appeared in underground forums.
Krebs reported on Tuesday that “multiple banks” see evidence that Home Depot stores are the source of a “massive new batch” of stolen credit and debit cards that went on sale this morning in underground “carding” forums. The breach is believed to have affected Home Depot stores throughout North America – around 2,500 stores in total.
The company has so far held off from confirming a breach, and as of early Wednesday, Home Depot’s home page made no mention of the incident. In a statement to Reuters, spokesperson Paula Drake said that the company is holding off pending an internal investigation, and is working with law enforcement.
“Protecting our customers’ information is something we take extremely seriously,” Drake told Krebs. “We are aggressively gathering facts at this point while working to protect customers.”
The Home Depot story comes in the wake of a slew of similar reports in recent weeks that include major brands like UPS and Dairy Queen. As many as 600 businesses are believed to have been compromised by cyber criminal groups using a new Point of Sale (PoS) malicious software program dubbed “Backoff,” which can skim credit cards immediately after they are swiped by customers.
Security researchers at Trustwave first identified Backoff in October 2013 after being contacted by law enforcement officials. The malware infects Windows-based point of sale systems, many of which are equipped with remote access software.
Trustwave Threat Intelligence Manager Karl Sigler said that cyber criminal groups often find vulnerable systems simply by scanning for PoS systems that are visible to the public Internet. Those systems can then be compromised by cracking weak or default administrator passwords.
It is unclear whether Home Depot was also a victim of the Backoff malware. According to Krebs, the breach may have originated as early as April of 2014.
You can read more via Krebs on Security.