Home Depot says 56 million account numbers compromised
Home Depot announced Thursday afternoon that hackers who stole data from the chain managed to steal 56 million credit and debit card account numbers before they were discovered. The criminals used never-before-seen, custom-made malware, the firm said in a statement. It's now completed cleaning the malicious software from its systems, which required replacing 85,000 point of sale terminals. The leak will cost the firm roughly $62 million, with $27 million offset by insurance coverage.
Criminals used unique, custom-built malware to evade detection. The malware had not been seen previously in other attacks, according to Home Depot’s security partners. The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards. The malware is believed to have been present between April and September 2014.
Consumers who shopped at Home Depot with plastic between April 2014 and today can get free identity protection services, including credit monitoring, from the chain. They can visit www.homedepot.com for my details, or call 1-800-HOMEDEPOT (800-466-3337).
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”
Additional assertions made by Home Depot in the statement issued today:
* There is no evidence that debit PIN numbers were compromised or that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com or HomeDepot.ca.
* The firm is now using new encryption technology, provided by Voltage Security, Inc.
* “Chip and PIN” technology, which began rolling out in early 2013 and already exists in Canadian stores, will be deployed to all U.S. stores by the end of the year, ahead of next's year's payment system deadline
* The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores.