Home Depot: Largest Retail Card Breach Ever

The final word on the Home Depot breach has been reported by Brian Krebs, and it turns out to be a breach of massive proportions:

Home Depot said today [14th September] that cyber criminals armed with custom-built malware stole an estimated 56 million debit and credit card numbers from its customers between April and September 2014. That disclosure officially makes the incident the largest retail card breach on record.

The disclosure, the first real information about the damage from a data breach that was initially disclosed on this site Sept. 2, also sought to assure customers that the malware used in the breach has been eliminated from its U.S. and Canadian store networks.

“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements,” the company said via a press release (PDF). “The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.”

Read Brian’s article in full here: Home Depot: 56M Cards Impacted, Malware Contained


About the Author

Brian Krebs

Brian became a world-renowned security researcher while working for The Washington Post from 1995 to 2009 as the author of The Security Fix column. Since leaving The Washington Post in 2009, Brian has continued his research at Krebs on Security, where he continues to investigate cyber criminal gangs, skimmers, software exploits, and the dark underbelly of the web.

One Comment

  1. Amazing how quickly they can roll out security enhancements along with (meaningless) assurances once they realise they have a publicity nightmare on their hands.
    Noteworthy also that the thefts occurred over several months without any system-generated alerts.
    I’d score Home Depot about 2/10.
    It’s about time the customers who incur the consequences had some redress.