Hackers May Have Swiped Credit Card Data from Home Depot

Home Depot Data Breach Could Affect All Stores Nationwide

By ANNE D'INNOCENZIO

NEW YORK -- Home Depot may be the latest retailer to suffer a major credit card data breach.

The Atlanta-based home improvement retailer told The Associated Press on Tuesday that it's working with both banks and law enforcement to investigate "unusual activity" that would point to a hack.

"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," said Paula Drake, a spokeswoman at Home Depot, declining to elaborate. She said the retailer would notify customers immediately if it confirms a breach.

Shares of Home Depot (HD) fell $1.88, or 2 percent, to close Tuesday at $91.15.

Hackers have broken security walls for many retailers in recent months, including Target, grocery store chain Supervalu (SVU), P.F. Chang's and the thrift store operations of Goodwill. The rash of breaches has rattled shoppers' confidence in the security of their personal data and pushed retailers, banks and card companies to increase security by speeding the adoption of microchips into U.S. credit and debit cards.

Supports say chip cards are safer, because unlike magnetic strip cards that transfer a credit card number when they are swiped at a point-of-sale terminal, chip cards use a one-time code that moves between the chip and the retailer's register. The result is a transfer of data that is useless to anyone except the parties involved. Chip cards are also nearly impossible to copy, experts say.

The possible data breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported "evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards" that went on sale on the black market earlier Tuesday.

Krebs reported that it's not clear how many stores were affected but preliminary analysis indicates the breach may have affected all 2,200 Home Depot stores in the U.S. Several banks that were contacted said they believe the breach may have started in late April or early May.

"If that is accurate -- and if even a majority of Home Depot stores were compromised -- this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period," said the Krebs post.

Krebs said that the party responsible for the breach may be the same group of Russian and Ukrainian hackers suspected in the Target breach late last year. Krebs also broke the news of Target's breach.

Target (TGT), based in Minneapolis, is still trying to get beyond its massive breach that occurred late last year and hurt sales, profits and its reputation with customers. It has been overhauling its security department and systems and is accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.

New payment terminals will appear in stores by this month, six months ahead of schedule. In April, the retailer announced it teamed up with MasterCard to issue branded Target payment cards equipped with chip technology by early in 2015.

Walmart Stores (WMT), the world's largest retailer, is also sending customers who have a store credit card a chip-enabled MasterCard, while its Sam's Club division introduced a chip-enabled MasterCard in June. The company has chip-enabled check-out terminals in 4,600 stores, and terminals in the remaining U.S stores will be activated before the end of the year.

In a separate statement Tuesday, Goodwill said its customers' credit and debit card numbers had been stolen at more than 300 stores in 19 states and Washington, D.C., from February 2013 through Aug. 14. Goodwill blamed the security lapse on an unidentified contractor's payment processing system. Reports about fraud linked to shoppers' cards have been "very limited," Goodwill said.

The company had said in July that it was investigating the breach.


Increase your money and finance knowledge from home

Building Credit from Scratch

Start building credit...now.

View Course »

Introduction to Retirement Funds

Target date funds help you maintain a long term portfolio.

View Course »

Add a Comment

*0 / 3000 Character Maximum

37 Comments

Filter by:
hanlon1212

Why are my posts not being posted ?

September 03 2014 at 11:52 PM Report abuse rate up rate down Reply
hanlon1212

insane.

September 03 2014 at 11:51 PM Report abuse rate up rate down Reply
shy32atlanta

meanwhile at Neiman Marcus they also had an employee work with an open wrist bone giving untold numbers of people hepatitis and they wont report it...

September 03 2014 at 10:30 PM Report abuse +1 rate up rate down Reply
fox12ga

I was in Home depot this morning and it was almost empty of customers and staf I was afraid to use my card most were paying cash or check My purchase was minimal I'll shop else where for a while

September 03 2014 at 7:21 PM Report abuse +1 rate up rate down Reply
vlady1000

the thieves are now at the keyboards, not at your window (trying to get in).

September 03 2014 at 7:13 PM Report abuse rate up rate down Reply
rideum51

these companies should hire some mercenaries to take out these guys. End of story

September 03 2014 at 6:42 PM Report abuse +5 rate up rate down Reply
amcdon3648

Ah holy jeez....So what do we do? Do we now have to replace our credit cards asap? I don't see home depot saying anything about thAT.

September 03 2014 at 3:40 PM Report abuse +2 rate up rate down Reply
FromTheChrysalis

Folks, any time someone declares we are inevitably going to a cashless society, remember all of the hundreds of breaches in the past few years. Those are only the ones you hear about! The ones you don't hear about number in the thousands. The Pentagon gets hacked into every single day, and if the worlds most secure facility is so full of holes, what makes people think that banks and corporations are going to be able to protect your funds, your identity, and your family? They can't, and they won't ever be able to. It's that simple. Cash may not be a tangible asset anymore, but if someone want's to steal it from you they have to do it the old fashioned way and that gives you a lot more control than cashless banking.

September 03 2014 at 2:31 PM Report abuse +1 rate up rate down Reply
tmlbtb

Anyone hears of a classs action suit against HD, please publish it. These corporations who use a security system that a 10 year old can hack into need to be taught a lesson. It's negligence. They know it was going to eventually happen and ignored it.

September 03 2014 at 2:12 PM Report abuse +1 rate up rate down Reply
pj512

There is a special place in hell for people who wreak this kind of havoc. I hope they catch all of the people doing these things and let them prepare for their trip down.

September 03 2014 at 1:53 PM Report abuse +4 rate up rate down Reply