Senators want FTC probe of Home Depot breach

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.computerworld.com/article/2604371/senators-want-ftc-probe-of-home-depot-breach.html

The U.S. Federal Trade Commission should investigate security practices at
Home Depot following media reports that the hardware retailer's payment
systems have been breached, two U.S. senators said Tuesday.

Home Depot's U.S. and Canadian customers who shopped in stores since April
may be affected by the breach, the company said Monday, following news
reports of the compromise.

The breach raises questions about the retailer's security measures,
Senators Richard Blumenthal, a Connecticut Democrat, and Ed Markey, a
Massachusetts Democrat, wrote in a letter to the FTC.

"The millions of Americans who today are wondering whether their personal
information is in the hands of hackers and thieves deserve prompt
notification from Home Depot, and the FTC should do everything in its power
to protect consumers," the senators wrote.

Reports of long-standing vulnerabilities at Home Depot's website "raise
serious concerns" about the company's responsiveness to cyberattacks, the
letter continued.

"Given the unprecedented scope and extended duration of Home Depot's data
beach, it appears that Home Depot may have failed to employ reasonable and
appropriate security measures," the senators wrote. "Furthermore, it is
troubling that Home Depot has not yet been able to confirm that it has
successfully shut down the data breach."

The FTC has investigated several data breaches in recent years, and in some
cases, has required breached companies to implement new cybersecurity
programs and submit to independent security audits.

Home Depot doesn't believe customers who shopped at HomeDepot.com, or at
its physical stores in Mexico, were affected by the breach, the company
said. Customers won't be responsible for fraudulent charges related to the
breach, the company said Monday.

Home Depot didn't immediately respond to a request for comments on the
senators' letter.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!