As many as 56 million payment cards may have been compromised by the Home Depot cyber attack making it even larger than the one experienced by Target during last year’s holiday season.
The breach occurred from April through December of this year. The malware used during the attack had been eliminated from their system. Home Depot began a major payment security project before the security compromise, but hackers beat them to the finish line. That project is now complete in the U.S, and is slated to wrap up in Canada in 2015.
Since initial reports of a possible breach Home Depot locations, IT teams, along with the secret service, and banking partners, worked together to shed light on the situation.
The investigation discovered that hackers used a unique custom made malware to prevent being detected by the company’s security measures. Servers infected with the malware were taken out of commission, and the hackers’ access to Home Depot was blocked. According to Home Depot this malware hasn’t been used in other attacks.
At this time there is no evidence that customers’ debit PIN numbers are at risk. Customers who shopped in Mexico or online were not compromised.
The Home Depot is providing customers who used a payment card at stores from April to December with free identity protection services, which includes credit monitoring.
Revamped security measures
Home Depots new payment security system locks down customers’ payment information by scrambling it so hackers can’t read it, rendering it useless. This new encryption technology was developed by Voltage Security, Inc, and was vetted by two other IT security firms.
Home Depot started launching EMV chip and PIN technology in 2013, and it is scheduled to be in all stores by the end of 2014. This rollout is ahead of the deadline of 2015 originally set by the payment industry. The technology is already used in stores in Canada.
These new security measures required creating new software code and outfitting stores with new pin pads.