BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Home Depot Confirms Data Breach

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 8 Sep 2014 18:52:21 -0600
http://www.databreachtoday.com/home-depot-confirms-data-breach-a-7288

Home Depot has confirmed that its payment data systems have been breached,
potentially impacting customers using payment cards at its U.S. and
Canadian stores since April.

There is no evidence that the breach affected stores in Mexico or customers
who shopped online at HomeDepot.com, the home improvement retailer
confirmed Sept. 8.

Home Depot also says there is no evidence that debit PIN numbers were
compromised.

The company has 2,266 retail stores in all 50 states, the District of
Columbia, Puerto Rico, U.S. Virgin Islands, Guam, 10 Canadian provinces and
Mexico. In fiscal 2013, Home Depot had sales of $78.8 billion and earnings
of $5.4 billion.

"Home Depot's investigation is focused on April forward, and the company
has taken aggressive steps to address the malware and protect customer
data," the company says.

Any customer who used a payment card at a Home Depot store this year,
beginning in April, is being offered free identity protection services,
including credit monitoring.

"We apologize for the frustration and anxiety this causes our customers,
and I want to thank them for their patience and support as we work through
this issue," says Frank Blake, chairman and CEO. "We owe it to our
customers to alert them that we now have enough evidence to confirm that a
breach has indeed occurred. It's important to emphasize that no customers
will be responsible for fraudulent charges to their accounts."

The company has been investigating the breach since Sept. 2, after it
received reports from its banking partners and law enforcement that
criminals may have hacked its payment data systems (see: Update: Home Depot
Breach Investigation).

Home Depot also says it will roll out EMV terminals to all its U.S. stores
by the end of this year.

The company has been hit with a class action lawsuit after news broke of
the suspected breach

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: