Home Depot says 56 million account numbers compromised

September 18, 2014 Bob Sullivan 0

HomeDepot2Home Depot announced Thursday afternoon that hackers who stole data from the chain managed to steal 56 million credit and debit card account numbers before they were discovered.  The criminals used never-before-seen, custom-made malware, the firm said in a statement.  It’s now completed cleaning the malicious software from its systems, which required replacing 85,000 point of sale terminals.   The leak will cost the firm roughly $62 million, with $27 million offset by insurance coverage.

Criminals used unique, custom-built malware to evade detection. The malware had not been seen previously in other attacks, according to Home Depot’s security partners.  The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards.  The malware is believed to have been present between April and September 2014.

Consumers who shopped at Home Depot with plastic between April 2014 and today can get free identity protection services, including credit monitoring, from the chain.  They can visit www.homedepot.com for my details, or call 1-800-HOMEDEPOT (800-466-3337).

“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”

Additional assertions made by Home Depot in the statement issued today:

* There is no evidence that debit PIN numbers were compromised or that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com or HomeDepot.ca.

* The firm is now using new encryption technology, provided by Voltage Security, Inc.

* “Chip and PIN” technology, which began rolling out in early 2013 and already exists in Canadian stores, will be deployed to all U.S. stores by the end of the year, ahead of next’s year’s payment system deadline

* The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.

Sign up for Bob Sullivan’s free email newsletter

Don’t miss a post. Sign up for my newsletter

About Bob Sullivan 1699 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.
Website