Skip to footer

Home Depot faces possible data breach. How to protect your information.

Home Depot is believed to be the latest company to have customer data stolen. Why does this keep happening, and what can you do to protect yourself if you shopped at Home Depot recently?

|
Mark Humphrey/AP/File
A Home Depot store in Nashville, Tenn. on Aug. 14, 2012. On Tuesday, Sept. 2, 2014, the home improvement retailer said that it's looking into "unusual activity" and that it's working with both banks and law enforcement after suspicions of a credit card data breach.

It seems yet another store has had customer data stolen. 

Home Depot announced Tuesday that it is investigating reports that customer credit and debit card information was taken by a cyber attack.

“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Paula Drake, spokeswoman at Home Depot, told Krebs on Security. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”

Krebs on Security reported that several banks believe the breach began in April or May of this year, meaning the breach potentially could be one of the biggest retail hacks to date. Home Depot said it will pay for a year of identity protection to impacted customers.

The home improvement retailer is the latest high profile target to fall victim to a data breach. Last month, United Parcel Service (UPS) and Dairy Queen confirmed that their customer information was compromised. Last year, Target had data from 40 million payment cards and personal information on 70 million customers stolen. Neiman Marcus, P.F. Chang’s China Bistro, Walmart, Costco Wholesale, and Kroger Co. have also suffered recent cyberattacks.

Why are there so many breaches?

To accept credit cards, companies must comply with Payment Card Industry data standards. Without meeting these standards, a company cannot accept credit or debit cards. But it can still be easy to break into PCI-compliant systems, says Stephen Cobb, senior security researcher at ESET.

“It is possible to be PCI compliant and still be hacked," Mr. Cobb notes, adding that the series of attacks are because businesses don't go beyond minimum requirements. “There is a lot of discussion about updating the standard, and a lot of people in security are saying ‘having a standard in compliance isn't being secured.'"

Currently, it is up to each individual business to decide if they want to add other security measures to prevent cyberattacks. After Target was attacked, the company accelerated a chip-and-pin program on its Target credit cards to better protect credit card information. But some experts say businesses haven't gone far enough to protect themselves from breaches.

A spokesman for Home Depot said the retailer could not release further information on its own data protection procedures

“The problem with security is that it is like insurance. It is something you have to invest in up front, and the attack may or may not happen," said Phil Montgomery, executive vice president of Identiv, a security firm. "It’s hard for businesses to know that they should invest in security because of the uncertainty, but they are risking the confidence of consumers if breached, which is happening with regularity.”

With each breach, businesses are losing business and consumer confidence. Thus far, Target has spent $146 million in breach-related expenses, not including insurance payments.

“Cyber attacks probably aren’t going to go away anytime soon because security is going to require a big investment,” Cobb says. “Payment technology needs to be seriously upgraded. People have been saying this for many years, but now we are seeing the consequences for it not happening.”

What should you do if you shopped at Home Depot during the time of the possible breach?

The only thing customers can do right now is keep an eye on bank statements, according to the Federal Trade Commission. That includes comparing receipts to your bank statement, check any bills that you receive to make sure they were your purchases, and letting your credit card issuer know if there are any questionable charges. Customers can also keep an eye out for an email from their credit card company regarding possible fraud.

Happily, customers aren't responsible for fraudulent charges if credit or debit card information is stolen. 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.
editor@csmonitor.com
Subscribe
Mark Sappenfield
Editor

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

Subscribe to insightful journalism

QR Code to Home Depot faces possible data breach. How to protect your information.
Read this article in
https://www.csmonitor.com/Business/2014/0903/Home-Depot-faces-possible-data-breach.-How-to-protect-your-information
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe