Profile image
By Money Morning (Reporter)
Contributor profile | More stories
Story Views
Now:
Last Hour:
Last 24 Hours:
Total:

There's More To The Home Depot Data Breach That Will Really Boil Your Blood By Shah Gilani

% of readers think this story is Fact. Add your two cents.

The Home Depot data breach is huge, and yet the general public seems frustratingly unconcerned about it.

Who should worry about data breaches?

Everyone.

You as an individual are at risk. Your bank account is at risk. Your credit is at risk. You’re at risk in ways you never thought about.

Merchants are at risk, maybe to the tune of tens of billions of dollars.

Home Depot Data Breach

Banks are at risk. In fact, the whole financial system could be at risk.

And we hate to think about it, but the entire country is at risk.

And then there’s the security implications of breaches of critical U.S. infrastructure imply. And the global geopolitical implications of cyberwar.

That’s scary.

We know that’s all out there, but today I’m going to put a single data breach under a microscope.

So, put on your lab coats and let’s get started…

The E-Castle Walls Are Coming Down

Today, I’m focusing on basic credit and debit transactions.

They’re not basic anymore.

The electronic world we’ve constructed isn’t impenetrable. In fact, it’s pretty porous.

Almost every day businesses are attacked by hackers, by malware, by criminals intent on stealing proprietary information, trade secrets, and customer information. They’re going after our payment card numbers, passwords, addresses – anything they need in order to steal or make money.

Corporate and government data breaches are so common now that there’s a website dedicated to what’s happening: www.DataBreachToday.com.

The data breaches that have garnered the most media attention recently are the Target Corp. (NYSE: TGT) and The Home Depot Inc. (NYSE: HD) thefts.

The more recent Home Depot breach dwarfs the one last year at Target. So let’s zero in on what happened at the hardware giant and what’s going to happen in the future.

The Home Depot Data Breach Was Massive

Home Depot’s more than 2,000 North American stores were all affected. Some 56 million Home Depot customers’ payment cards were exposed – about 40 million Target customers’ cards were breached.

Needless to say, the lawsuits are starting to fly.

One lawsuit, which is seeking class-action status, was filed on behalf of Home Depot customers even before the retailer admitted its systems had been breached. That suit anticipated the eventual admission and points to the fact that Home Depot knew about the breaches and didn’t come clean, which would have helped customers who were subsequently affected protect themselves in some way.

Now banks are getting on the “sue Home Depot” bandwagon. Two credit unions are suing and seeking class-action status, claiming unspecified losses related to refunding fraudulent charges, reissuing cards, opening and closing accounts, stopping or blocking payments, notifying customers, increasing fraud monitoring, and lost revenues from a drop-off in accounts.

Whether banks can sue merchants for losses related to data breaches is about to be ruled on by a judge in a Target lawsuit. In that suit, Target is trying to derail a consolidated class action by a group of banks claiming the retailer is responsible for their losses. One estimate of Target’s liability to the banks suing it is a cool $18 billion.

If the banks prevail, merchants’ liability in the future will be staggering.

Between banks and customers suing, merchants are going to face charges of breach of confidence, privacy, fiduciary duty, negligent misrepresentation, and outright negligence. In short, the plaintiffs are accusing the merchants of failing to meet their legal obligation to protect customers and customers’ banks.

Sometimes, as may be the case with Home Depot, there may be obvious (at least in my mind) culpability. And it may be clear that obligations were not met where they could be reasonably expected.

Apparently, Home Depot knew about the breaches at least five months before going public about it. An outside data security firm warned the retailer about “using out-of-date malware detection” systems. And a former Home Depot information securities manager has said he warned the company about its out-of-date antivirus software on its point-of-sales systems.

It was the point-of-sales systems that were compromised at both Target and Home Depot.

In fact, the U.S. Department of Homeland Security, based on U.S. Secret Service findings, warned Home Depot about Mozart (the name of the malware that infected the retailer’s systems) infiltrating its checkouts.

Data security experts think Mozart to be a customized malware designed to attack Home Depot’s point-of-sale systems. In other words, whoever designed Mozart understood, or knew how to get around, Home Depot’s safety systems. Mozart was “customized” to the retailer’s technology. And it was running for at least five months before anyone detected it.

In a nutshell, the malware used a “RAM scraper” to capture a customer’s card and related information between the time – just milliseconds – it was swiped and the time it took Home Depot’s systems to encrypt the customer’s information.

Wow!

Home Depot encrypted its customers’ information – but Mozart stole the data before encryption occurred.

What will the eventual costs to Home Depot be? What will merchants be responsible for in the future? What was the Secret Service doing looking into Home Depot’s systems? What’s out there in cyberland that we have yet to face, defend ourselves against, and combat?

Who knows?

All I know is that the Home Depot data breach proves that technology is a double-edged sword.

More from Shah Gilani: There’s a new twist in an ongoing SEC probe into D.C.-Wall Street corruption, and it reeks of an insider trading cover-up. Welcome to the Washington-Wall Street “Corruption Corridor.”

Tags: cyberattacks, cybersecurity, data breach, HD data breach, Home Depot data breach, NYSE: HD, retail data breach

The post There’s More to the Home Depot Data Breach That Will Really Boil Your Blood appeared first on Money Morning – Only the News You Can Profit From.

Check out the life changing BeforeitsNews natural health products!  Join our affiliate program to earn with them too!

APeX - Far superior to colloidal silver in destroying viruses, bacteria and other pathogens.  See the videos and 50 page report!

Ultimate Curcumin - Most powerful natural pain relief you can buy.  Reduce inflammation, depression, arthritis and so much more!

Supreme Fulvic - Nature's most important supplement!  Read our amazing testimonials and experience vivid dreams again!

MitoCopper - First bioavailable copper cleans up your blood from pathogens and gives you more energy!  Watch all videos on our website!

Prodovite - The Secret To Healing is in the Blood!  Our nutrition is absorbed in 5 minutes!  See the proof!
Report abuse
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite
Prodovite

    Comments

    Your Comments
    Question Razz Sad Evil Exclaim Smile Redface Biggrin Surprised Eek Confused Cool LOL Mad Twisted Rolleyes Wink Idea Arrow Neutral Cry Mr. Green

    Total 2 comments
    • UlfMattsson

      I think it is time to take a data centric approach to data security. This can help against data breaches and regulatory compliance.

      Modern approaches like data tokenization can be implemented in the swipe terminal and at other points where Card Holder Data is collected.

      Data tokenization is a promising trend in the payment industry, including mobile wallets, PCI DSS and the EMV framework.

      Studies have shown that users of data tokenization experience up to 50 % fewer security-related incidents (e.g. unauthorized access, data loss, or data exposure) than non-users.

      We should use this approach to also secure personal information across the entire data flow, in memory (against malware), in transit and at rest.

      Ulf Mattsson, CTO Protegrity

    • Jiliane

      On The website : NORSE
      You can watch live cyber attacks throughout the world.
      I was one of the home Depot casualties and just got my new check card
      From the bank.
      Time to go back to cash!

    SignUp

    Login

    Newsletter

    Email this story
    Email this story

    If you really want to ban this commenter, please write down the reason:

    If you really want to disable all recommended stories, click on OK button. After that, you will be redirect to your options page.