Last week, Brian Krebs warned of a suspected data breach at Home Depot stores across the US and Canada dating back to April this year. Unfortunately, that breach has now been confirmed.
Even though it appears that the PINs tied to debit cards were not compromised, Brian’s latest report on the breach warns that multiple financial institutions are now reporting a steep increase in fraudulent ATM withdrawals on customer accounts. How is that possible? Brian Krebs explains:
The card data stolen from Home Depot customers and now for sale on the crime shop Rescator[dot]cc includes both the information needed to fabricate counterfeit cards as well as the legitimate cardholder’s full name and the city, state and ZIP of the Home Depot store from which the card was stolen. The ZIP code data of the store is important because it allows the bad guys to quickly and more accurately locate the Social Security number and date of birth of cardholders using criminal services in the underground that sell this information.
The breach could potentially impact any customer that has, from April forward, used their payment card at the company’s US and Canadian stores. Home Depot has finally confirmed the breach issuing the following concise statement:
Last Tuesday, September 2, we disclosed that we were investigating a possible breach of our payment data systems. We want you to know that we have now confirmed that those systems have in fact been breached, which could potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward. We do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.
We apologize for the frustration and anxiety this causes our customers.
We also want to emphasize that you will not be responsible for any fraudulent charges to your accounts, and we’re offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on.
Home Depot’s statement also includes a link to “learn more about the identity protection services and how to sign up for them” here: https://homedepot.allclearid.com/. As well as advice for potentially affected customers to closely monitor payment card accounts and report any unusual activity to the issuing bank.