Several banks have seen indications that a large batch of stolen credit and debit card – which are being sold on the black market – could have originated from Home Deport stores, reports Krebs on Security
Home Depot has issued a statement confirming that the retailer is investigating with banking partners and law enforcement.
“We are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately,” the retailer said.
Home Depot added that it would be “inappropriate” to speculate further at this stage, but it would provide further information “as soon as possible”.
But, if the breach is confirmed and found to have affected all 2,200 of the retailer’s US stores, many more people could be affected than the 40 million who had payment card details stolen in the Target breach.
More on data breaches
- Most cyber attacks use only three methods, Verizon breach report shows
- Target CEO quits after data breach
- Sears confirms data breach investigation amid retailer data breaches
- Orange data breach underlines need for encryption, say experts
- Target data breach: Why UK business needs to pay attention
- Bitly urges users to secure accounts after security breach
- Target’s CIO resigns after massive data breach
The new batches of stolen payment cards have appeared on the same site linked to data breaches at other US retailers, including Target, Sally Beauty and restaurant chain P.F. Chang’s, according to Krebs.
The credit cards are listed as “American Sanctions” and “European Sanctions,” which shows the attacks are linked to protests against US and EU sanctions against Russia over its military action in Ukraine.
In August, sanctions against Russia were thought to be the possible motivation for attacks on JP Morgan Chase and several other financial institutions.
“Organised criminal syndicates are actively targeting US retailers simply because they have become lucrative targets,” said Ken Westin, security analyst at Tripwire.
“These groups take advantage of inherent vulnerabilities in payment architectures and applications, among other tactics, to get into these retail chains and siphon data off undetected,” he said.
In May 2014, Verizon said retailers around the world are making it easy for hackers to access their IT systems and steal lucrative financial data.
“Very few data breaches in the retail sector can be attributed to advanced attacks,” said Paul Pratley, investigations manager at Verizon.
Verizon's 2014 Data Breach Investigations Report (DBIR) revealed that attackers continue to use only a few simple techniques to steal data from retail organisations.
The most basic problem is that point of sale (POS) devices are often open to the internet and protected only by weak passwords, default passwords and even no passwords, the report said.
Many retailers have failed to make adequate investments in cyber security, said Russ Spitler, vice-president of product strategy for AlienVault.
“Banks are no longer easy targets, they have fortified themselves and even built protections for their consumers, but point of sale systems originally designed and built years ago are easy places to grab a foothold.
“Hackers are focusing on retailers because 'that is where the money is' - it is the easiest target with the greatest reward,” he said.