Sat, Sep 20, 2014 - Page 15 News List

Home Depot admits breach


Home Depot Inc said on Thursday that the account information of 56 million cardholders was compromised in what is the largest known breach of a retail company’s computer network.

Home Depot said hackers breached the company’s cash register systems in its US and Canadian stores in April.

The hackers used custom malware that was designed to evade traditional security tools and had not been previously used in other cyberattacks, the Atlanta-based company said.

The company added that it had since removed infected registers and closed off the hackers’ mode of entry and that it had been using new encryption systems in its US and Canadian stores for the past nine months.

Home Depot has been scrambling to investigate the breach since it became public on Sept. 8.

It is unclear how the company missed signs of the attack after a breach last year at Target Corp compromised 40 million cardholders’ information, and after the Secret Service and Department of Homeland Security warned retailers in July that their systems were potentially compromised.

The company said its encryption project began in January but was not completed in its US stores until last weekend.

It said encryption in its Canadian stores would not be completed until next year.

Home Depot’s attack went unnoticed for five months.

During that time, hackers found an entry into the company’s network, gained access to its in-store payment systems and installed malware to take payment data off the memory of the company’s registers during processing.

The hackers then sent that data back to their servers abroad.

Home Depot said it would offer free identity protection and credit monitoring services to any customer who had used a credit or debit card at affected stores.

“We apologize to all of our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” Home Depot chief executive Frank Blake said in a statement.

The Department of Homeland Security and the Secret Service recently estimated that more than 1,000 US businesses had been infected with malware programmed to siphon payment card details from cash registers.

They believed that many of these businesses did not know they were sharing customers’ credit card information.

Besides Home Depot and Target, companies that have been attacked by hackers include UPS, Goodwill, P.F. Chang’s, Sally Beauty, Michael’s and Neiman Marcus.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top