The Rippleshot Data Breach Blog

Data Breach At Home Depot

Written by Zach Walker | Sep 8, 2014 3:46:00 PM

Update 1: In a Brian Krebs exclusive, sources informed Brian Krebs that in a conference call with several financial institutions, MasterCard shared several updates regarding the Home Depot data breach. According to Krebs' sources, MasterCard told affected banks that the card brand believes that only self-checkout terminals were affected in the breach. At the time of writing, Home Depot neither confirmed nor denied this report as the investigation is still underway.

Update 2: Home Depot has issued a press release stating that 56 million payment cards have been compromised due to the retailer's data breach and that all traces of the malware have been removed from Home Depot's systems. Home Depot is offering free identity protection, including credit monitoring, for any customer who used a payment card at a Home Depot store from April 2014 and on. All affected customers can learn more at www.homedepot.com or call 1-800-HOMEDEPOT (800-466-3337) for more information.

On September 02, Brian Krebs reported that several banks across the United States were beginning to see batches of stolen credit and debit cards go up for sale on underground markets. These stolen bank cards all seemed to be linked to customers who had shopped at the world's largest home improvement retailer. While a data breach has not yet been confirmed by Home Depot, the retail chain is currently working with law enforcement agencies and affected banks to investigate the reports of suspicious activity.

When asked about the current status of the investigation, Home Depot's CEO Frank Blake told investors on Thursday that the company was in the process of investigating the potential data breach, reassuring customers that they would not be held liable for any fraudulent charges. While the exact scope of this breach is currently unknown, many of the banks that were in contact with Brian Krebs believe the data breach could have started as far back as May of 2014. For reference, the breach window for the massive Target breach which had 40 million bank cards stolen, lasted only 3 weeks. While this fact does not guarantee that a breach at Home Depot will have more affected customers, it raises concerns for consumers, card issuers and retailers alike.

The following morning, Brian Krebs took on the task of matching the zip codes listed in the two batches of stolen bank cards found on cybercrime store rescator[dot]cc to the locations and ZIP codes of Home Depot's retail locations. What Krebs found, is could be a watershed moment for the home improvement retailer. According to KrebsOnSecurity, "a comparison of the ZIP code data between the unique ZIPs represented on Rescator's site, and those of the Home Depot stores shows a staggering 99.4 percent overlap."

Home Depot joins the ever growing list of big companies that has been breached in past this three months. Ebay suffered a massive data breach this past May, exposing 145,000,000 customer information. , P.F. Chang’s China Bistro confirmed a data breach affecting locations across the U.S. and was forced to use manual credit card processing system for a whole month.

According to a new report by Brian Krebs, the bank card breach uncovered at Home Depot last week seems to have been affected by a variant of the the malware that stole card account data from nearly 40M Americans at Target last December. At this time, Home Depot has still not confirmed that a security breach has occurred on their systems but the information currently available indicates a data breach.

Investigations have revealed that same malware that were used in Target is also responsible for the breach at Home Depot. Named ‘Black POS’ or ‘Kaptoxa’ (‘potato in Russian), the malware has ability to steal credit and debit card system from the physical memory of point-of-sale device. It is extremely difficult to detect with the existing anti-virus software as the malware disguises itself as part of the anti-virus software. Investigators and Krebs suspect that the same gang who attacked Target is also responsible for the Home Depot incident, as the stolen information was sold in the same Russian black market.

As more information becomes available regarding Home Depot's data breach, we will continue to update this page. Be sure to check for new updates and what to do if you were affected.