Home Depot Investigates Credit/Debit Breach

“Massive” batch of card information for sale online: blogger

Published in CSP Daily News

ATLANTA -- Home Depot Inc. is investigating a suspected hacker attack, renewing pressure on retailers and credit-card providers to strengthen payment-system security.

The largest home-improvement chain is working with banks and law enforcement on the possible incursion following a report by KrebsOnSecurity that a “massive” batch of stolen credit- and debit-card information was posted for sale online, according to a Bloomberg report.

"We’re looking into some unusual activity that might indicate a possible payment-data breach, and we’re working with our banking partners and law enforcement to investigate," the company said in a statement. "If we confirm a breach has occurred, we will make sure our customers are notified immediately."

The retail chain offered an apology for any worry the breach may create. It also offered consumers tips for how to deal with fraudulent charges and said it will offer free identity protection services if a breach is confirmed.

"You will not be responsible for any possible fraudulent charges. The financial institution that issued your card or Home Depot are responsible for those charges should we confirm a breach," the company said. "Make sure you are closely monitoring your accounts and reach out to your card issuer should you notice any unusual activity."

If confirmed, Home Depot will join Target and TJ Maxx among national retailers that have been stung by data breaches.

The Home Depot incident raises fresh questions about retailers’ slow adoption of “chip and PIN” technology, which makes cards more secure, Michael Sutton, vice president of security research for San Jose, California-based cloud-computing company Zscaler Inc., told Bloomberg.

“Retailers are now seeing firsthand why the technology is necessary and how technology costs pale in comparison to the direct and indirect costs associated with a major data breach,” Sutton said.

Some in the industry, however, are not convinced chip and PIN will solve the problem.