Home Depot breach put 56 million payment cards at risk
Source: Washington Post
Home Depot announced Thursday that a breach at its U.S. and Canadian stores over a six-month period this year may have put an estimated 56 million payment cards at risk.
That would make it the largest compromise of debit and credit cards in the string of cyberattacks that have hit retailers over the past year. The attack that hit Target stores during the 2013 holiday season may have breached as many as 40 million cards, Target has said, although it was later revealed that the personal information of an additional 70 million consumers was also accessed.
Home Depot also said for the first time that the malware that facilitated the breach of its payment terminals has been eliminated from the companys systems.
The home improvement retailer says its ongoing investigation has revealed that cybercriminals use a custom-built malware to evade detection once implanted on the companys systems.
Read more: http://www.washingtonpost.com/blogs/the-switch/wp/2014/09/18/home-depot-breach-put-56-million-payment-cards-put-at-risk/
hlthe2b
(102,294 posts)and which got nabbed in both the Target and Home Depot incidents for another. sigh..... They wouldn't get a lot of money from me, but it could surely make my life miserable At least now, the card is worthless.
customerserviceguy
(25,183 posts)If enough consumers shun those two mass marketers (and there are plenty of alternatives) it will send a message to the rest of them that they need to invest wisely (and heavily) in proper security.
If you have no choice other than those merchants, then pay in cash, that itself will send its own message.
sybylla
(8,514 posts)They refuse to implement better security measures on their cards because it's more costly.
With the Home Depot debacle, my credit union is issuing me and everyone else involved a new card effective immediately.
Maybe soon they will be convinced they need to do more.
bigworld
(1,807 posts)like they've had in Canada and Europe for years. Basically we're still relying on magnetic strip (think: Cassette tape) technology when the rest of the world has moved on to a much more secure way to transact cards.
customerserviceguy
(25,183 posts)and you're fooling yourself if you think a chip on a card is going to eliminate the problem completely. It takes diligent IT work to keep on top of security, and never relent. When you do that stuff on the cheap, you screw over your customers.
The only lesson the big boys learn is financial. If at least ONE "we're too cheap to implement proper security" companies dies, it will send a big fat message to the rest of them.
Glad you think that a new card solves the problem completely, but this is not rocket science, and if a company cares about it's security, it can be a tougher nut to crack than its competition. I'm sure your credit union, which had to spend many thousands of dollars sending new cards to you and your fellow members agrees with me.
Just because it's no hassle for you doesn't mean it's no hassle for someone else. Do us all a favor, and only pay cash if you think you need to shop at Target or Home Depot.
FormerOstrich
(2,702 posts)Security need to be an integral part of the technologies in the beginning. The early technology was secure and IBM was working toward rock solid applications. Unfortunately, secure wasn't sexy and Microsoft and others ran over them. I remember when the "first to market wins" regardless if it was a POS.
Overtime the security was retrofitted into the OS on every platform. Look at the number of services and applications which start up on a average desktop PC. Not to mention, most average PCs are used only to navigate the web. The POS industry has middlemen and processors.
Plus, most of the anti-virus and security software is built outside of the US.
Yes, a vigilant IT staff and top of the line software can minimize your risks but it still all built on a foundation of sand.
D Man
(9 posts)We do not have secure payment methods like many other countries. It is coming however.
customerserviceguy
(25,183 posts)At one time, a magnetic stripe on a card seemed fraud-proof, too. The problem is not hiring enough qualified IT people to constantly keep one step ahead of the criminals.
It's like anti-auto theft measures, nothing devised by the mind of a human can absolutely stop a professional car thief from grabbing the car that the thief has targeted, but if you simply make a car too tough a nut to crack, then the amateur thief just moves on to the next lightly protected car. Outsourcing on the cheap is what got Target and Home Depot in trouble, no doubt.
Wouldn't it send a message if even one-quarter of those companies' business just went away?
D Man
(9 posts)That if it can be stolen, eventually the crooks will figure out how to do so. So yes, it probably will.
customerserviceguy
(25,183 posts)you never have the final solution to a problem, you need to keep working on preventing and defeating attacks from those who will find ever more clever ways to steal something of value.
That's the lesson corporate America needs to learn, they treat IT as a necessary evil instead of an integral part of their business function in the 21st Century. That needs to change.
QED
(2,747 posts)The CU contacted anyone who had used the debit cards at Harbor Freight, cancelling the old cards and replacing them.
When I went to get my new card I asked what the deal was - at first the bank guy told me that some local merchants weren't to careful about security. I replied, "You mean Fry's or Target?" He said, "Do you shop at Harbor Freight?"
It was once... I needed something for school and bought it there. So, if I ever need something from Harbor Freight again, it will be cash.
Kingofalldems
(38,458 posts)Hope I am safe.
D Man
(9 posts)If they captured the exp date on the card AND the 3 digit CVV, that is really all of the info needed.