Reportedly theft may eclipse Target hack, with over 40 million cards believed to be stolen by Russian Hackers

Americans may soon be hearing some shocking news as retail giant Home Depot Inc. (HD) has reportedly been linked to a "massive" loss of customer data to hackers operating out of Russia and Eastern Europe.  According to intial reports the breach may involve the theft of over 40 million credit cards, stolen using point-of-sale (PoS) malware deployed across most of the retailer's 2,200 U.S. stores.  Reportedly, the attack may eclipse the shocking data breach that occurred at Target Corp. (TGT) over the 2013 holiday season.

Security researcher Brian Krebs caught wind of the hack when a massive batch of millions of stolen credit cards was offered up for sale on cybercrime hub rescator[dot]cc.  The cards were posted under the headings "U.S. Sanctions" and "European Sanctions", titles that suggest that these cybercriminals are looking to legitimize their efforts as a retaliation against the U.S. and European governments for their sanctions against Russia over its involvement in eastern Ukraine.  

The "U.S. Sanctions" heading contains data on cards issued by American banks, while the "European Sanctions" heading has European bank-issued credit card data.  

The stolen cards allegedly come from a hack of Home Depot, the largest home improvement supplies store in the U.S.  Home Depot spokeswoman Paula Drake comments:

I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate.

Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.

Given the political rammifications, Home Depot may receive extra help from the governments of states with affected banks.  Likewise banks are reportedly circling their wagons to try to limit the damage of the huge data loss.

The timeframe -- both beginning and (possibly) end -- of the Home Depot hack are unclear.  Brian Krebs writes:

Several banks contacted by this reporter said they believe this breach may extend back to late April or early May 2014. If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period.


Sources: Krebs on Security, Bloomberg

"People Don't Respect Confidentiality in This Industry" -- Sony Computer Entertainment of America President and CEO Jack Tretton

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki