Home Depot suffered a security breach, which exposed at risk the users of 56 million unique credit cards. The hackers’ attacks and the malware have been dealt with according to information offered by the company.
The malware was present in the company’s system and compromising clients in the period between April and September 2014, after which it was eliminated and the terminals which had been identified with malware were taken out of service. The company was made aware of its existence on September 2, when law enforcement and different banking partners told them that cyber criminals may have breached the systems.
According to the security experts working in the company, the cyber criminals applied custom-built unique malware and due to that it was not able to be detected for such a long time. This malware have not been seen in other attacks before. Once the investigation was over, Home Depot company declared that there was no evidence was compromise of the debit PIN numbers and that the breach had impacted customers shopping online and certain stores in Mexico.
A cache of credit and debit card data emerged on an underground forum in the beginning of September. According to the original statement, the clients who had used their payment cards in Canadian and US stores from April to that moment could all be impacted. Users remembered how last year hackers attached the retail giant Target, credit card data of 40 million customers and personal information for another 70 million clients.
Home Depot has already added enhanced encryption thus taking steps to secure all its systems. The new payment security protection uses raw information from the payment card and then scrambles it in order to make it impossible to read and thus useless to hackers. This new encryption project was launched in the beginning of 2014, however it was completed in the US stores in the middle of September. The stores in Canada will get the same treatment in the beginning of 2015.
Currently, Home Depot company is offering free identity protection services including credit monitoring to all their clients that suspect that they are victims of the data breach. The company’ chairman and CEO further Frank Blake offered the company’s apologies to their clients for the anxiety and the inconvenience caused. He also reassured the clients that they will not be liable for fraudulent charges.