A suspected data breach affecting the banking details of millions of customers has been uncovered at US retail giant Home Depot. It appears that this Home Depot data breach could be as big as Target’s breach earlier this year.
In the last twenty-four hours a massive batch of credit and debit card information went on sale on a criminal Internet site and security experts believe it is from Home Depot customers. “There is a very high probability this attack is linked to the Russian hackers responsible for breaches at Target and P.F. Chang’s. The dates when card details were stolen go back to May or even April of this year, implying that the size of the theft could be even larger than the recent record-breaking data leak at Target” according to Ronan Murphy CEO of Irish IT Security Company Smarttech.ie
US security analysists have already estimated that the breach could possibly end up even larger than the one that affected Target and the 70 million credit and banking cards of their customers earlier this year. Home Depot have confirmed that they are investigating the breach and are working with all the financial institutions concerned as well as the law enforcement agencies.
According to Ronan Murphy CEO of Smarttech.ie “what is happening here is pretty sophisticated and well co-ordinated. The systematic targeting of the retail industry, as this breach appears to indicate, shows that the criminals are using a set of techniques and methods to target the weakest link on the chain. The targeting of payment card data, such as credit, debit and store cards clearly show that this method works.”
“It has now emerged that the payment card (mostly credit card) information was offered for sale on Tuesday of this week, by cyber criminals operating on an underground site that traffics in stolen financial information. This latest batch of cards is for sale from the same underground store that sold cards from P.F. Chang’s and Target,” said Ronan Murphy CEO of Smarttech.ie
“The data for sale includes information that would have come from the magnet strip on the back of credit and debit cards so based on that, there is probably malicious software on the point of sale registers in the stores,” according to Ronan Murphy, CEO of Smarttech.ie
“There is a high possibility that a recently discovered point-of-sale malicious software called ‘Backoff’ was responsible for the breach. The malware was first detected in October of 2013 and was not recognised by antivirus software programs until August of this year month. It is not known whether the Home Depot breach involved the ‘Backoff’ malware, but we do know that these kinds of data problems are pervasive,” said Smarttech.ie CEO Ronan Murphy
According to Ronan Murphy CEO of Smarttech.ie the impact on Home Depot has already been profound. “Almost immediately after reports of the possible major data breach began to appear in media outlets such as Bloomberg, the New York Times and the Wall Street Journal, the share price of Home Depot dropped. The company, which is the 4th largest retailer in the USA by revenue are now working with banks and law enforcement agencies to determine the scale of the breach and the steps to take to recover stolen or compromised data.”
The major breach at Target earlier this year is reported to have cost $146 million in breach-related expenses even after insurance payments. In addition to the denting of consumer confidence, the Chief Information Officer and the Chief Executive Office stepped down following the incident.
Due to the involvement of Russian cyber criminals in this action, it has been reported by other security analysts that this hack could be in retribution for U.S. and European sanctions against Russia for it’s aggressive actions in Ukraine.