Home Depot Breach Hit 56 Million Credit And Debit Cards
Earlier this month, Home Depot announced a data breach that hit its 2,200+ home improvement stores in America and Canada. The company now confirms that a whopping 56 million credit and debit cards were affected by the breach.
The magnitude of the Home Depot credit card hack makes it even larger than the Target security breach that put 40 million card accounts at risk in late 2013. In fact, Home Depot’s numbers are second in size only to the TJX data heist in 2007, which reached a total of 90 million accounts.
The investigation for the breach began on September 2, and since then, officials have confirmed the data was seized from April to September of 2014. Malicious software was used in Home Depot’s point of sale terminals to collect credit and debit card numbers from customers using their cards to pay for home improvement supplies.
In a statement issued by Home Depot earlier this month, chairman and CEO Frank Blake said, “We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue. We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
Home Depot says there is no evidence that debit card PINs were compromised during the breach, and the attack did not affect stores in Mexico or online customers. The retailer says the malware used to get into their registers has been eliminated, and it has already completed a “major” payment security project to enhance the encryption of customer’s payment data during checkout.
The Department of Homeland Security issued an advisory in August stating more than 1,000 businesses were impacted by the “Backoff” malware used in the Target breach. Home Depot is the latest in a long line of retailers hacked within the last year, including Target, Neiman Marcus, Michaels, P.F. Chang’s, Dairy Queen, UPS Stores, Sally Beauty, and Supervalu and Albertsons grocery stores.
It appears as though Americans are beginning to accept data breaches as a “norm” due to the surge of credit card hacks within the last 10 months.
John Kindervag, vice president and principal analyst at Forrester Research, said, “This is a massive breach, and a lot of people are affected. Home Depot is very lucky that Target happened because there is this numbness factor.”
Another factor working in Home Depot’s favor is the lack of competition in its niche. Home Depot is the largest home improvement retailer in America, and it is backed by a loyal group of followers who rarely shop anywhere else. Close to 40% of Home Depot’s sales are from professional contractors and construction service providers who shop at the store multiple times a week. This customer base is not likely to leave just because of a data breach.
Prior to the hack, Home Depot had plans in place to roll out EMV chip and PIN terminals in all of its stores by the end of this year, far sooner than the October 2015 deadline set for all stores in America. This hack illustrates the pressing need for that transition to happen as soon as possible.
Home Depot current estimates its losses at $62 million as a result of the hack, but that number could increase in the fourth quarter. Target’s current reports for their data breach are $146 million in losses after insurance reimbursements.
Some credit and debit card issuers are already taking precautions after the hack. JPMorgan Chase will be replacing at risk cards by the end of this month. Consumers whose accounts are considered “at risk” have already been notified of the new cards coming to them by mail.
Home Depot is currently offering free identity protection services to any customers who have paid with their cards at the store from April on. If you would like to take advantage of this opportunity, contact 1-800-HOMEDEPOT for more information.