Reggie Dejean Director of Operations View Bio

Just eight months after Target suffered one of the biggest retail hacking attacks in history, Home Depot announced on Sept. 8 that it too had been hacked. Signs of the attack were discovered by security researcher Brian Krebs after learning that Home Depot was receiving calls from banks and law enforcement about suspicious transactions. According to the continuing investigation, the hackers may have had access to cards for the last six months.

106514127

It is not yet known how many credit and debit cards were stolen, but according to Home Depot, there is no evidence that debit card PINs were compromised. However, it is believed that hackers are creating counterfeit cards based on the ones stolen from Home Depot customers. Hackers can then change the PIN number and make withdrawals at ATM machines. Hackers continue to sell stolen card data and the cardholder’s personal information on international crime websites.

Companies that house credit and debit card data and personal information about millions of customers will undoubtedly continue to be major targets for hackers.

It appears that hackers used point-of-sale (POS) malware to gain access to Home Depot card terminals. The malware, known as FrameworkPOS, is thought to be based on a similar type of malware used in the Target breach, known as BlackPOS. The malware attacks POS terminals using a Windows operating system. Originally, researchers believed that the similarities between the two types of malware hinted at the possibility that the same hackers attacked both Target and Home Depot. However, it is now believed that differences between the two are significant enough to indicate that separate groups carried out the attacks.

Home Depot says only customers who recently shopped in their brick-and-mortar stores in the United States and Canada are at risk—there has been no evidence of theft for online shoppers. In response to the breach, Home Depot is offering free credit monitoring and identity theft protection for its customers. The Atlanta-based company has also replaced many of its card-swiping machines with new machines that accept more secure chip-enabled cards.

Companies that house credit and debit card data and personal information about millions of customers will undoubtedly continue to be major targets for hackers. Within the past year, Home Depot, Target, Albertson’s, P.F. Chang’s and Neiman Marcus have all been breached, along with many others. As a consumer, there isn’t a whole lot you can do to prevent this from happening, but there are ways you can prepare your business in case it gets breached:

  • Regularly monitor your bank accounts and credit card statements for unusual activity. Often, credit card companies will notice fraudulent charges, but they can’t catch everything. Vigilance is key.
  • If your company uses POS terminals, always ensure they have the latest anti-virus software installed.
  • Make sure your employees are well trained on how to protect company data. Teach them about social engineering risks, how to pick proper passwords and about bring-your-own-device protocols.

To find out what cyber security risks your company may have and how to protect your business, talk to one of our cyber security insurance consultants here.

, , , ,