It was announced this week that the home improvement chain Home Depot has become the latest victim in a string of retail data breaches, and new information suggests it may be worse than originally thought. Despite some pretty strong evidence, the retailer has yet to officially confirm that their systems were hacked, only saying that unusual activity on the store's networks is being investigated.
Home Depot card data matches information for sale
According to security blogger Brian Krebs, it appears as though the payment card breach at Home Depot involved nearly all of the chains' stores. At least four banks have mapped the information from stolen cards back to previous transactions at Home Depot. Evidence that the retailer was hacked first surfaced on Monday when the online shop for stolen card numbers Rescator.cc started offering card data that seemed to relate to purchases made at multiple locations operated by the chain.
A comparison of the ZIP code data of the stores in which cards were stolen and those of Home Depot stores shows a 99.4 percent overlap, according to Krebs, suggesting that nearly every one of the retailer's almost 2,000 stores was involved in the breach. Bank officials have estimated that, based on the data available to them, the breach most likely started at the end of April or beginning of May. The notorious Target breach that involved nearly 1,800 stores only lasted about three weeks and still resulted in almost 40 million card numbers being stolen, so a breach continuing unnoticed for months is bound to impact an even greater number of customers.
Home Depot is America's fourth largest retailer by revenue, according to The Wall Street Journal. In an effort to protect against a future breach, the company's CEO Frank Blake told investors this week that the retailer has invested in new point-of-sale systems that are able to read the safer payment cards that use computer chips instead of magnetic stripes. The new cards are embedded with chips that create a unique code for each transaction that makes it much harder to steal account information. Blake said Home Depot has the card reading technology, but it won't be activated in stores until the end of 2014.
Monitor network behavior to detect breaches
With the amount of personal customer data companies hold on to these days, they can't afford to let a breach go unnoticed for months. At the same time, most organizations aren't able to employ the appropriate number of people to keep an IT security department running properly, letting things fall through the cracks. For enterprises that can't do everything themselves, concierge SIEM solutions provide constant monitoring of enterprise systems that is analyzed and used to provide reliable information about the threats facing a company at any given time. SIEM services look for network activity around the clock, so any anomalous behavior or security incidents will be noticed, ensuring network security and protection of customer data.