|
 Home
Depot confirms security breach following Target data
theft
Send a link to a friend
[September 09, 2014]
By Nandita Bose
CHICAGO (Reuters) - Home
Depot Inc confirmed on Monday its payment security
systems have been breached, a data theft analysts warn
could rival Target Corp's massive breach last year. |
|
 Home Depot said the data theft could impact its customers in stores
across the United States and Canada, but there was no evidence that
online customers were affected or debit personal identification
numbers (PINs) were compromised.
"We owe it to our customers to alert them that we now have enough
evidence to confirm that a breach has indeed occurred," Chairman and
Chief Executive Officer Frank Blake said in a statement. "It is
important to emphasize that no customers will be responsible for
fraudulent charges to their accounts."
The breach was first reported by security website KrebsOnSecurity
almost a week ago. It said the problem could extend back to April
and affect all of Home Depot's 2,200 stores in the United States.
No details were immediately available on how many customers were
impacted. But Brian Krebs, who runs the security website, said last
week the breach could be larger than Target's last year when hackers
stole at least 40 million payment card numbers and 70 million other
pieces of customer data.
Krebs reported on Monday that Home Depot's systems were hit by a
variant of the same malware that compromised Target’s systems last
year.
Target has spent $146 million to resolve data breach-related issues
since the fourth quarter of 2013. Most of these expenses were for
settling actual and potential breach-related claims, mainly by
payment card networks.
The largest known breach at a U.S. retailer was uncovered in 2007 at
TJX Cos Inc, operator of the T.J. Maxx and Marshalls chains, which
had more than 90 million credit cards stolen over about 18 months.
Home Depot said it started investigating the data breach last
Tuesday, but the investigation will look at data from April.
[to top of second column] |
"It doesn't exactly say a lot of good things about their data
security systems if something was able to go on for months and they
didn't notice," said Kenneth Dort, partner at intellectual property
practice group, Drinker Biddle & Reath LLP.
Home Depot promised free identity-protection services, including
credit monitoring, to any potentially impacted customers.
Home Depot had said earlier it will roll out PIN- and chip-enabled
cards at all its U.S. stores by the end of the year.
The retailer also said its internal information technology security
team is working with banking partners, firms including Symantec Corp
and Fishnet Security, as well as the U.S Secret Service to gather
facts in the investigation, it said.
Shares of Home Depot ended 0.86 percent lower at $90.82 on the New
York Stock Exchange on Monday.
(Additional reporting by Shailaja Sharma in Bangalore and Nathan
Layne in Chicago; Editing by Savio D'Souza, Matthew Lewis, Richard
Chang and Lisa Shumaker)
[© 2014 Thomson Reuters. All rights
reserved.] Copyright
2014 Reuters. All rights reserved. This material may not be
published, broadcast, rewritten or redistributed.
 |
