Get caught up with latest news regarding data breaches for the week of September 22nd.
Home Depot – Nearly three weeks after investigations began regarding a potential data breach, Home Depot confirmed that over 56 million credit and debit cards were compromised in a data breach that lasted for five months. Brian Krebs originally reported that banks across the United States were starting to the see the signs of a data breach at the Home Improvement retailer nearly two weeks before Home Depot’s announcement. Home Depot’s data breach has now become the largest retail data breach ever, passing Target’s 40 million card breach, in which we estimate to cost Target over $2.6B from the breach alone. Following the data breach, Home Depot has encrypted its entire payment system and will be implementing chip & PIN (EMV) technology by the end of 2014. For more info on the Home Depot data breach, check out our blog post covering the largest retail data breach ever.Jimmy John’s– In what seems like a more common occurance now a days, Brian Krebs announced that the sandwich chain, Jimmy John’s, was investigating claims of a potential data breach back in late July. On September 24, Jimmy John’s issued a release informing its customers that a “data security incident” occured at approximately 216 of the chain’s locations. At the time of Jimmy John’s release, it appeared that only cards that swiped through the chain’s POS terminals were affected, leaving those who had their cards entered manually or online unaffected. A few days later, SC Magazine reported that the POS vendor for Jimmy John’s, Signature Systems, Inc. announced that the sandwich chain along with 100 additional small business were affected in the same breach.
It is still unknown how many cards have been affected from Jimmy John’s breach but check back for estimates in the next update.
C&K Systems – Brian Krebs announced that the third-party payment vendor of Goodwill, C&K Systems had taken responsiblity for the data breach that affected 330 Goodwill locations, compromising 868,000 cards. A day after Krebs obtained an internal Goodwill memo identifying C&K systems as the cause for the breach, C&K Systems issued a press release on their website. The two concerning facets of this data breach are that the data breach went on for eighteen months - February 2013 to August 2014- and that it took C&K Systems over 18 months to detect the break-in.
Viator – The global travel and activities booking site, Viator announced that nearly 1.4 million of it’s customers were the victim of a security breach. For nearly 900,000 of it’s customers, encrypted credit and debit card information was stolen. This includes card numbers, names, billing addresses and possibly Viator account info. For the remaining 500,000 customers, only Viator account information appeared to be stolen. Viator is in the process of notifying the 1.4 million affected customers of the data breach and is offering all those affected free identity protection and credit monitoring services.
To get Data Breach Ripples sent straight to your inbox every week, click below
