September 10, 2014
Home Depot has confirmed that hackers have breached its store payments system and may have stolen up to 60 million credit card numbers. The breach could affect customers who paid with a credit or debit card at any of the 2,157 stores in the U.S. and Canada between April and September. This latest hacking incident has led retailers to speed up the installation of chip-reading credit card terminals at their stores. Credit card companies are also adding security to their cards.
The security breach at Home Depot may be the largest known attack to date, even larger than the breach at Target last year. Home Depot has about 400 more stores than Target did at the time of the hacking. Also, Home Depot’s security breach went unnoticed for months, while Target caught on after three weeks. About 60 million Home Depot customers may have been affected, compared to Target’s 40 million cardholders.
“Home Depot said it would offer free identity protection and credit monitoring services to any customer who had used a credit or debit card at any of its affected stores,” reports The New York Times.
The Department of Homeland Security and the Secret Service suspect that Home Depot is not alone in facing security problems with in-store cash registers. They believe that more than 1,000 businesses in the U.S. have been infected with malware. Companies such as UPS, Goodwill, P.F. Chang’s, Sally’s Beauty, Michaels and Neiman Marcus have been hacked.
According to The New York Times, these incidents may be connected to the same group of hackers in Eastern Europe.
To prevent future attacks, retailers and credit card companies alike are stepping up security. Home Depot and Target are working toward chip-reading credit card terminals. Chip-enabled cards and terminals protect consumers’ data by encrypting it.
“Visa Inc. and MasterCard Inc. said they are rolling out ‘tokenization’ technology that replaces sensitive cardholder information with a unique series of numbers used to identify customers,” notes The Wall Street Journal.
Currently, there are less than 50 million chip cards in the U.S., but those cards have already become the standard in many other countries. The deadline for companies to implement the EMV standard — or chip technology — is October 2015. After that, businesses without the technology may be held liable.
Even with the technology, companies will have to be diligent about monitoring their systems. One study by the Ponemon Institute and DB Networks found that most security experts in the U.S. believe that their organization does not have the tools to quickly detect a database attack. More than 20 percent of those security experts admitted that they did not do the necessary frequent monitoring needed to identify suspicious activity within their databases.