The Home Depot says hacking put 56M cards at risk

Steven Loeb · September 19, 2014 · Short URL:

The breach was even bigger than the one that affected Target last year

If there is one thing we've learned in the last year, its that brick and mortar retailers are just as susceptible to hackings and breaches as online payment sites. Yet they keep happening, over and over.

The latest retailer to be hit was The Home Depot, and now we that we know the details of what happened, it turns out that this is the worst one yet.

The home improvement retailer revealed on Thursday that information from a total of 56 million unique payment cards was put at risk between April and September of this year. Do you remember when Target was late last year? For comparison's sake, that breach affected 40 million cards, but the incident was enough to eventually take down the CEO of the company. And this breach was even worse than that.

Since Home Depot first became aware that it was being hacked in early September, the company says that its IT security team has been "working around the clock with leading IT security firms, its banking partners and the Secret Service to rapidly gather facts, resolve the problem and provide information to customers."

Here is what they have learned: the hackers used "unique, custom-built malware to evade detection," and that it was malware that "had not been seen previously in other attacks." 

The Home Depot is not saying what information, specifically, the hackers were able to get access to, but if it was anything like the Target breach they most likely were able to steal names, mailing addresses, phone numbers, and email addresses. Those hackers were able to gain access to information on 70 million customers.

I guess if there is some good news its that the company has already closed off the malware infected terminals, and it has installed some new security measures to make sure this doesn't happen again.

"To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements," The Home Depot wrote. "The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores."

All U.S. stores now have encryption technology, to scramble cards numbers. Canadian stores will get this technology by the end of the year. Conversely, Canadian stores all have EMV “Chip and PIN” technology, which will be rolled out to U.S. stores in the next few months. 

In addition, The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store beginning in April.

“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” Frank Blake, chairman and CEO of The Home Depot, said in a statement. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.” 

While the breach is over, the long-term financial effect on The Home Depot may just be starting.

Though the company is keeping its current guidance at 4.8% growth, this breach is going to cost at least $62 million, just from to investigating the data breach, providing credit monitoring services, increasing call center staffing, and paying legal and professional services. That does not even include the people who will now think twice before buying their goods from the store.

"Those costs may have a material adverse effect on The Home Depot’s financial results in the fourth quarter and/or future periods,” the company said.

(Image source:

Support VatorNews by Donating

Read more from our "Trends and news" series

More episodes