Target, P.F. Chang's, Nieman Marcus — this has been the year of massive corporate security breaches online. And now, it looks like one more can be added to the list: Home Depot.
Computer security reporter Brian Krebs, who uncovered the massive Target breach earlier this year, broke the story. He writes banks are pointing to Home Depot as the source of a "massive new batch of stolen credit and debit cards."
"They then have systems that determine patterns and then they try to check back to where the patterns emanate from, and it would appear that a lot of the patterns are emanating ... from possibly Home Depot."
As Krebs points out, the numbers are up for sale on the same site the Target numbers appeared. This might mean it's the same group of Russian and Ukrainian hackers responsible for that breach.
Trey Ford, a security strategist who spoke with Businessweek, says the information up for sale would be from the magnetic strips on the back of customers’ cards, meaning malicious software might have been put on The Home Depot sale registers by the hackers. (Video via YouTube / North Pay)
Ford says, “They are efficient, they are focused, and they manage their risk and exposure the same way a business person would. It’s kind of a slow game of cat and mouse.”
The type of malicious software Ford is referring to would be the “Backoff Point-of-Sale Malware” which theSecret Service estimates to have infected over 1,000 U.S. businesses.
A spokeswoman for the company released a statement saying they’re looking into some unusual activity with law enforcement officials and they are currently “aggressively gathering facts.”
ZDNet suggests, even without confirmation from The Home Depot, it’s possible this breach could be much larger than Target's 40 million leaked card numbers with early analysis saying all of The Home Depot's 2,200 stores nationwide were affected.
Krebs also said the window of this breach may have been much larger than Target’s three-week breach, possibly stretching over the past four months.
The names of the card dumps on the underground sites — “European Sanctions” and “American Sanctions” — suggest this attack could possibly be retaliation for recent sanctions on Russia by the West over the continuing crisis in Ukraine. But obviously, it's online and, for now, anonymous, meaning no one knows for sure.
This video contains images from Getty Images.