Could Home Depot Have Prevented Massive Breach?

Retailer confirms breach of 56 million records, as former employees say they warned company of risk years ago.

September 22, 2014

NEW YORK – Last week Home Depot confirmed that 56 million cards might have been compromised during a five-month attack on its payment terminals, making it much larger than last year’s Target breach that affected close to 40 million consumer accounts. 

Yet, to some familiar with Home Depot’s payment security protocol, this breach may not have been entirely unexpected. According to an article in the Wall Street Journal this weekend, former employees claim that they had warned the company about the risk of a cyber attack dating back to 2008, and the company was slow to react, continuing to rely on outdated software to protect its network for years.

The home improvement retailer posted a notice to consumers on its website confirming that its payment data systems were breached, potentially impacting customers who used a card at its U.S. and Canadian stores from April to September. 

“We are able to tell you that the malware used in the recent breach has been eliminated from our U.S. and Canadian networks,” notes the website, adding:

“We also want you to know that we have completed a major payment security project that provides enhanced encryption of payment card data at point of sale in our U.S. stores, offering significant new protection for customers. The rollout of enhanced encryption to Canadian stores will be completed by early 2015. Canadian stores are already enabled with EMV ‘chip and PIN’ technology.”

Retailers can learn more about cyber security and protecting their operations from data breaches at the upcoming NACS Show.

Educational sessions in the Technology Track, such as Compliant Data Security with Rick Dakin of Coalfire Systems, focus on why it is in your company’s best interest to develop strategic practices and create company policies that go beyond PCI compliance mandates.

IT professionals attending the NACS Show can also participate in Technology Edge, where a range of educational sessions key in on some of today’s most top-of-mind technology opportunities and issues, including cyber security.