Interesting read relating to the recent credit card compromise at Home Depot. This article highlights the importance of malware protection and keeping your system security patches up to date. Employee security awareness training helps minimise some of the risk posed by the malware threat landscape.

The world’s largest DIY retailer has admitted that 56m credit and debit card numbers were compromised over a five-month period in one of the worst breaches of customer data ever recorded. Home Depot said on Thursday night that although the data theft began in April, the malware used by the hackers had only been completely removed from its systems this month.

The breach was revealed on 2 September by the security website Krebs on Security, which said that all 2,200 of Home Depot’s US stores could have been affected. The chain, which did not confirm the data breach until 8 September, said that security groups Symantec and FishNet Security were brought in to investigate the possible hacking as soon as it became known.

The criminals used “unique, custom-built malware” that had not been seen in similar attacks, which helped them to avoid detection for so long, Home Depot said. It had completed a major payment security upgrade to ensure better encryption of customers’ card numbers.

US retailers have been slower to adopt the chip-and-Pin technology found in Britain and most European countries as many American credit cards still lacked the appropriate chips. The US payments industry has set a deadline of October 2015 to switch to chip and Pin.

Frank Blake, chairman and chief executive of Home Depot, apologised to customers for the “inconvenience and anxiety” of the breach and said they would not be liable for any fraudulent charges.

“From the time this investigation began, our guiding principle has been to put our customers first and we will continue to do so,” he said.

Many banks have begun replacing credit cards affected by the theft.

The data theft eclipses the 40m card numbers stolen from Target customers last year and is second only to the 90m stolen from TJX, the owner of the TK Maxx clothing store chain, in 2007.
