Banks: Credit Card Breach at Home Depot

Discussion in 'malware problems & news' started by Dermot7, Sep 2, 2014.

  1. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    https://krebsonsecurity.com/2014/09/banks-credit-card-breach-at-home-depot/
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://abcnews.go.com/Business/wireStory/home-depot-hires-firms-probe-data-breach-25238253
     
  4. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://krebsonsecurity.com/2014/09/...epot-banks-see-spike-in-pin-debit-card-fraud/
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://www.cso.com.au/article/55502...eport-blackpos-used-home-depot-target-attacks
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,275
    As a precaution, Barclays Bank seems to be sending replacement cards to people who recently used their Visa card at Home Depot. I got a notification to that effect. Called them to inquire why, and they said the card's in the mail, even though my card hasn't been misused yet.

    An expensive thing for the banks, isn't it?
     
  8. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    $10 at most per customer, probably. At least that's how much most banks ask around here.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  10. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    Last edited: Sep 18, 2014
  11. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    884
    Location:
    Triassic
    I have used a credit card at the self checkout terminals at Home Depot several times over the past 6 months. I have a chip card but these terminals do not have the tap function so a PIN has to be entered. I am not sure if the tap function would have thwarted the malware used on these terminals or not. I assumed that the tap function captured the encrypted PIN at the handshake and did not reveal it at the terminal level. So, no keystroke, no capture. If you go through the service checkout at Home Depot, the card devices there do not have the tap function either.

    I changed my PIN last week even though Mastercard told me that it was not necessary.

    http://www.zdnet.com/au/banks-say-no-security-flaw-in-tap-and-go-cards-7000023672/

    Getting to not trust this tap technology after having read the above link. I do not use the cell phone app from Google Play. My bank issues tap and go on the credit card I use.
     
    Last edited: Sep 19, 2014
  12. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  14. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    884
    Location:
    Triassic
    Credit Card companies also need to revamp their security requirements set out for retail stores. Home Depot claim that they met PCI standards. Scanning for malware once per quarter strikes me as naive. Hackers can grab a lot of data over a 3 month period, especially from a large retailer. Boycotting one store would not be an effective response because the standard covers all stores.

    "Credit card industry security rules require large retailers like Home Depot to conduct such scans at least once a quarter, using technologies approved by the Payment Card Industry Security Standards Council, which develops technical requirements for its members’ data security programs."

    PCI comes across as a wet noodle. A legal blind to exempt the credit card company and retailer from liability. Home Depot, having met the minimum requirements set out by this group is a perfect example of its credibility.
     
  15. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I think the sooner these retailers and banks bite the bullet and adopt the digital chip cards that Europe has been using for years the better. At this point, if I was a major retailer I would race to be the first to begin using them. It would generate a huge jump in new card users for me.
     
  16. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    769
    Location:
    "Here on Wilders"
    Yep, just received my new American Express Credit Card with a digital chip in it last week. :thumb:
    I didn't know it was coming. They changed some numbers on the card also which I'm glad. Now let's see what Bank of America does, still using the old type card. I'm not holding my breath on them. :rolleyes:
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Home Depot’s former security architect had history of techno-sabotage
    http://arstechnica.com/security/201...ity-architect-had-history-of-techno-sabotage/
     
  18. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    884
    Location:
    Triassic
    I wonder if the police are investigating the Senior Architect for IT Security at Home Depot, Ricky Joe Mitchell. Home Depot do sell hammers. Bang bang Maxwell Silver hammer ...

    Edit: I see that Home Depot was using XP. Seems that the security department did not consider security a high priority. If Mr Mitchell advised management that all was good on the security front then he was 'the problem'. However, if he did put forward the appropriate security upgrades highlighting the actual cost of not implementing them and HD executives turned down the recommendation, then upper management is as much to blame.
     
    Last edited: Sep 26, 2014
  19. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  20. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    884
    Location:
    Triassic
    Are companies breaking the law if they ignore these types of warnings? I know of none other than tort law. We can all understand that undetected malware is just that, however when there are warnings with recommended action you would expect some accountability. Evidence is coming forth now that customers have had their bank accounts wiped out and others are dealing with identity theft. When this happens the victims do not deal with Home Depot to recover their losses, they have to deal with their bank and the credit card company. The burden of proof, the inconvenience and the real cost is on the customer.
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    http://online.wsj.com/news/article_...m-vendor-1415309282-lMyQjAxMTA0NzAzNjMwMjY5Wj
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    OT post removed. This thread is about the many people who may have been compromised by this criminal act. Nothing more.
     
  23. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,089
  24. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://arstechnica.com/tech-policy/...t-least-44-civil-lawsuits-due-to-data-breach/
     