Add Home Depot to the list of companies who have been victimized as a result of a third party contractor or supplier. The home improvement giant said in a statement on Thursday that the criminals that attacked the company’s network first gained access to the “perimeter” of Home Depot’s network. Target, the box store retailer, sketched out a similar scenario to describe the breach that resulted in the theft of 70 million credit cards numbers from its customers. In that case, a company that serviced HVAC systems in Target’s headquarters was reported as the source of the breach. Home Depot said that attackers were able to move within its network by elevating their level of network access and install what Home Depot described as “unique, custom-built malware” on self-checkout systems in the U.S. and Canada. The revelations about the circumstances of the breach came on a day when Home Depot […]
Search Results for "Home Depot"
Its a truism in cyber security that behind every great hack often lies a string of bad decisions and missed opportunities. Its also true that when you dig into the details of damaging cyber incidents, the root causes are personal and psychological as often as they are technical in nature. Organizations -even sophisticated and wealthy organizations – end up making bad decisions for all the wrong reason: failing to properly assess their risk, or pursuing short term savings when long term investment is needed. Home Depot learned via law enforcement that a breach of transaction data exposed as many as 52 million credit card transactions, the largest retail credit card breach to date. But as more comes out about the breach at home improvement giant Home Depot, it starts to look a lot more like the root causes there may have started in the HR department rather than the data center. The […]
Almost a week after public reports named Home Depot as a possible victim of a sophisticated cyber attack, the home improvement giant has acknowledged that it was hacked. In a statement on Monday, Home Depot said that an internal investigation confirmed a “breach of our payment data systems” took place. The breach affects the company’s U.S. and Canadian stores, though not its Mexican locations or online transactions, the company said. The incident also appears to have been long-lived. Home Depot estimates that the breach dates to April, 2014. The company did not say when it was finally shut down – though that date could be as late as July. Home Depot has been investigating the incident since it was first disclosed by Brian Krebs at the blog Krebsonsecurity. Krebs was alerted to the incident after large quantities of stolen credit cards began appearing on cyber criminal forums. Sources at […]
Security reporter Brian Krebs has an intriguing post from Sunday that suggests a link between the massive breach at Target Stores in late 2013 and the recently alleged compromise of systems at home improvement giant Home Depot. Home Depot has yet to acknowledge any theft of customer data from its computer systems. However, according to Krebs, an unnamed “source close to the Home Depot investigation” told him that an analysis of compromised computers at Home Depot revealed that some of the store’s registers were infected with a new variant of BlackPOS, a malicious software program designed to run on Windows-based point of sale (or POS) systems and steal card data when cards are swiped. BlackPOS was found on point-of-sale systems at Target last year. In March, the security firm Arbor Networks issued a report that cited BlackPOS as one of a number of point of sale system malware families that cyber criminal groups were using heavily: generating new […]
Home Depot said it is investigating “some unusual activity” on its networks and working with “banking partners and law enforcement,” after security blogger Brian Krebs named the company as a common thread connecting a trove of stolen credit card accounts that have appeared in underground forums. Krebs reported on Tuesday that “multiple banks” see evidence that Home Depot stores are the source of a “massive new batch” of stolen credit and debit cards that went on sale this morning in underground “carding” forums. The breach is believed to have affected Home Depot stores throughout North America – around 2,500 stores in total. The company has held off from confirming a breach, so far. And as of early Wednesday, Home Depot’s home page made no mention of the incident. In a statement to Reuters, spokesperson Paula Drake said that the company is holding off pending an internal investigation, and is working with law enforcement. […]