Home Depot Says Credit Card Breach Put 56 Millions Cards At Risk
Home Depot announced on Thursday that the security breach it reported this month allowed online thieves to steal information from 56 million credit and debit cards. If so, this breach will end up being much worse in terms of data loss than a similar attack late last year on Target.
A type of malicious software, or malware, was placed on Home Depot cash registers from April to September, the company said in a news release. The malware was found in Home Depot stores in the USA and Canada.
Thieves "are able to invest time in researching their targets to find a way into the network," says Trey Ford, a global security strategist at the security firm Rapid7, in a statement. "Once they're in, they stay quiet and fly unobserved under the radar."
Brian Krebs (who broke the news of the breach on KrebsOnSecurity.com) has said that the malware was only installed in self-service aisles, which limits the data loss tremendously. So, if you used a self check-out at Home Depot, you're going to want to keep an eye on your accounts. Both credit and debit information was taken, though the thieves would not have been able to steal PIN numbers.
The malware has now been eliminated, according to Home Depot. All infected terminals were taken out of service and Home Depot is offering credit monitoring to affected customers.