Home Depot: 56M Cards Impacted, Malware Contained

[InfoSec News <alerts () infosecnews org>]

http://krebsonsecurity.com/2014/09/home-depot-56m-cards-impacted-malware-contained/

By Brian Krebs
Krebs on Security
Sept 18, 2014

Home Depot said today that cyber criminals armed with custom-built malware 
stole an estimated 56 million debit and credit card numbers from its 
customers between April and September 2014. That disclosure officially 
makes the incident the largest retail card breach on record.

The disclosure, the first real information about the damage from a data 
breach that was initially disclosed on this site Sept. 2, also sought to 
assure customers that the malware used in the breach has been eliminated 
from its U.S. and Canadian store networks.

“To protect customer data until the malware was eliminated, any terminals 
identified with malware were taken out of service, and the company quickly 
put in place other security enhancements,” the company said via press 
release (PDF). “The hackers’ method of entry has been closed off, the 
malware has been eliminated from the company’s systems, and the company 
has rolled out enhanced encryption of payment data to all U.S. stores.”

That “enhanced payment protection,” the company said, involves new payment 
security protection “that locks down payment data through enhanced 
encryption, which takes raw payment card information and scrambles it to 
make it unreadable and virtually useless to hackers.”

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/