This article is from the source 'washpo' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at http://www.washingtonpost.com/home-depot-breach-put-56-million-payment-cards-put-at-risk/2014/09/18/7abecbc0-e9b6-4e41-ad61-a1fc76dc7bed_story.html?wprss=rss_homepage
The article has changed 4 times. There is an RSS feed of changes available.
| Version 1 | Version 2 |
|---|---|
| Home Depot breach put 56 million payment cards at risk | |
| (35 minutes later) | |
| Over two weeks after admitting it was investigating a potential breach at its U.S. and Canadian stores, Home Depot has announced that the cyberattack put an estimated 56 million payment cards at risk over a six-month period. | Over two weeks after admitting it was investigating a potential breach at its U.S. and Canadian stores, Home Depot has announced that the cyberattack put an estimated 56 million payment cards at risk over a six-month period. |
| That would make it the largest single compromise of payment cards in the string of cyberattacks that have hit retailers over the past year. The attack that hit Target stores during the 2013 holiday season resulted in the potential compromise of 40 million credit and debit cards, although it was later revealed that the personal information of an additional 70 million consumers was also accessed. | That would make it the largest single compromise of payment cards in the string of cyberattacks that have hit retailers over the past year. The attack that hit Target stores during the 2013 holiday season resulted in the potential compromise of 40 million credit and debit cards, although it was later revealed that the personal information of an additional 70 million consumers was also accessed. |
| Home Depot now says it has closed off the hackers' method of entry into their systems and the point-of-sale malware that facilitated the breach "has been eliminated from the company’s systems." | Home Depot now says it has closed off the hackers' method of entry into their systems and the point-of-sale malware that facilitated the breach "has been eliminated from the company’s systems." |
| The home improvement retailer says its ongoing investigation has revealed that cybercriminals use a custom-built malware to evade detection on the company's systems, software that Home Depot's security partners do not believe has been previously identified. The breach, which had previously only been identified as going back to April, was confirmed to extend until September. | The home improvement retailer says its ongoing investigation has revealed that cybercriminals use a custom-built malware to evade detection on the company's systems, software that Home Depot's security partners do not believe has been previously identified. The breach, which had previously only been identified as going back to April, was confirmed to extend until September. |
| The company now says it has completed a major payment security project that provides enhanced encryption of payment data at its point-of-sales terminals in U.S. stores, an upgrade that was launched in January of 2014 -- before the breach appears to have begun. Home Depot expects to complete the roll out a similar system in its Canadian stores by early 2015. | The company now says it has completed a major payment security project that provides enhanced encryption of payment data at its point-of-sales terminals in U.S. stores, an upgrade that was launched in January of 2014 -- before the breach appears to have begun. Home Depot expects to complete the roll out a similar system in its Canadian stores by early 2015. |
| Home Depot's Canadian stores are already enabled with "Chip and PIN" technology -- a more secure credit card technology that is used in much of the world, but has not yet been widely deployed in the United States. Major payment processors have set an October 2015 deadline for retailers to do so or be liable for fraud caused by using outdated methods. Home Depot says "Chip and PIN" will be deployed in all of its U.S. stores by the end of the year. | Home Depot's Canadian stores are already enabled with "Chip and PIN" technology -- a more secure credit card technology that is used in much of the world, but has not yet been widely deployed in the United States. Major payment processors have set an October 2015 deadline for retailers to do so or be liable for fraud caused by using outdated methods. Home Depot says "Chip and PIN" will be deployed in all of its U.S. stores by the end of the year. |
| The company is offering free identity protection services -- including credit monitoring -- to customers who used a payment card at a Home Depot store after April of this year. “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Home Depot CEO Frank Blake in a statement. | The company is offering free identity protection services -- including credit monitoring -- to customers who used a payment card at a Home Depot store after April of this year. “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Home Depot CEO Frank Blake in a statement. |
| Unfortunately, beyond regularly checking their bank or credit card statements, experts say there's little individual consumers can do to protect themselves at this point. "There's not a whole lot of power consumers have," says Ben Johnson of cybersecurity firm Bit9+Carbon Black. Even if consumers start monitoring their accounts now, they are still susceptible to fraudulent activities that may have occurred during the months before the breach was discovered, he says. | Unfortunately, beyond regularly checking their bank or credit card statements, experts say there's little individual consumers can do to protect themselves at this point. "There's not a whole lot of power consumers have," says Ben Johnson of cybersecurity firm Bit9+Carbon Black. Even if consumers start monitoring their accounts now, they are still susceptible to fraudulent activities that may have occurred during the months before the breach was discovered, he says. |
| One of the few avenues actions available to consumers, Johnson says, is start applying pressures on retailers to provide better security on their systems -- but even then it can be unclear where exactly to direct those complaints, he says. | One of the few avenues actions available to consumers, Johnson says, is start applying pressures on retailers to provide better security on their systems -- but even then it can be unclear where exactly to direct those complaints, he says. |
| Johnson also worries that the frequency of breaches and the fact that payment card processors often end up covering the losses may desensitize consumers. "If people are exposed to this every week and not feeling it in their wallet, they may not really care." | Johnson also worries that the frequency of breaches and the fact that payment card processors often end up covering the losses may desensitize consumers. "If people are exposed to this every week and not feeling it in their wallet, they may not really care." |
| The string of breaches that have hit U.S. retail stores are thought by many experts to be the work of organized gangs of cybercriminals. "Every indication is that it's very much Eastern European," says Johnson. "They're incredibly organized. They may not necessarily use advanced technology, but they are very meticulous about their methods." | The string of breaches that have hit U.S. retail stores are thought by many experts to be the work of organized gangs of cybercriminals. "Every indication is that it's very much Eastern European," says Johnson. "They're incredibly organized. They may not necessarily use advanced technology, but they are very meticulous about their methods." |
| "They do their due diligence in researching their targets and find a way into the network," says Trey Ford, global security strategist at cybersecurity firm Rapid7. "Based on the information available, it’s a sophisticated, well-planned attack designed for a very significant pay day." | "They do their due diligence in researching their targets and find a way into the network," says Trey Ford, global security strategist at cybersecurity firm Rapid7. "Based on the information available, it’s a sophisticated, well-planned attack designed for a very significant pay day." |
| And the 56 million payment cards potentially breached at Home Depot speaks to why big box retailers are great targets for cybercriminals, he says. Cybercrime is essentially a business: Hackers will follow the money. | And the 56 million payment cards potentially breached at Home Depot speaks to why big box retailers are great targets for cybercriminals, he says. Cybercrime is essentially a business: Hackers will follow the money. |
| "You can be confident that the largest global retailers such as Wal-Mart, Carrefour, Tesco and Metro AG are paying close attention as the investigation continues,” Ford says. | "You can be confident that the largest global retailers such as Wal-Mart, Carrefour, Tesco and Metro AG are paying close attention as the investigation continues,” Ford says. |