Home Depot may bear the dubious distinction of having the largest known retail data breach to date. According to The New York Times, the home improvement superstore could surpass Target for the sheer number of stolen credit card numbers.
If you used plastic to pay for a purchase at Home Depot at any time between April and early last week, your information could be vulnerable. It’s estimated that more than 60 million credit cards numbers were stolen in the cyberattack. It doesn’t appear that PINs for debit cards were taken, the Times said.
Last year’s hack attack on Target resulted in the theft of more than 40 million credit and debit card numbers as well as 70 million customer records. Target’s breach went unnoticed by the retailer for about three weeks. In comparison, the Home Depot breach reportedly went unnoticed for as long as five months.
According to Krebs on Security, which reported on the new breach a week ago, at least some of the Home Depot computers were infected with a strain of the malware that attacked Target last year.
Home Depot is offering free identity protection services, including credit monitoring, to all customers who used a credit or debit card to purchase goods at its stores. Forbes said:
In a “Frequently Asked Questions” page on the company’s website, Home Depot said that it “strongly” encourages its customers to “review your payment card statements carefully and call your bank or card issuer if you see any suspicious transactions. The policies of the payment card brands such as Visa, MasterCard, American Express and Discover provide that you have zero liability for any unauthorized charges if you report them in a timely manner.”
Despite its attempts to help customers now, many people are upset that the breach wasn’t noticed earlier. Before the retailer had even confirmed the breach, Home Depot customers in Georgia filed a class-action lawsuit against the home improvement store for “failing to protect customers from fraud and not alerting them to the breach in a timely manner,” the Times said.
It appears that cybercriminals in Eastern Europe are behind this attack and many others. The Times added:
The Department of Homeland Security and the Secret Service recently estimated that more than 1,000 businesses in the United States had been infected with malware that is programmed to siphon payment card details from cash registers in stores. They believed that many of these businesses did not even know they were sharing customers’ credit card information.
Did you use plastic at a Home Depot store during the breach? Share your comments below or on our Facebook page.