Home Depot may be the latest victim breached after security journalist Brian Krebs reported multiple financial institutions found evidence that a massive new collection of stolen credit and debit cards appeared for sale in the cybercrime black market Tuesday morning.
The nationwide home furnishings chain reported it is working closely with banks and law enforcement agencies to further investigate the suspicious activity.
“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers,” said Paula Drake, Home Depot spokesperson.
As of now, Krebs estimates the breach may impact all 2,200 Home Depot stores across the United States with several banks stating the breach could extend back to late April or early May 2014.
“If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period,” said Krebs.
Drake assured that Home Depot would notify affected customers immediately, if the allegations of the breach are true, stating, “Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
Krebs added that the perpetrators of this attack may be the same group of hackers responsible for the previous breaches at P.F. Chang’s, Sally Beauty and the massive Target breach.
Tripwire security researcher Ken Westin explained in a blog post how criminals can generate significant profit through the sale of stolen credit cards in the online black market.
“The price for valid credit cards can be as high as $100 per card depending on the amount of information available with the card, such as the type of card and its known limits,” said Westin.
Fraudsters often use the stolen card information to purchase pre-paid gift cards from other retailers, such as Amazon, then purchase high-value goods that can later be re-sold for profit.
Unfortunately, Home Depot is not alone. Recently, Dairy Queen, The UPS Store and Supervalu came forward to announce all had been impacted by malicious malware stealing sensitive customer information.
“We are starting to see that no retailer is safe,” said Westin. “Attackers are exploiting every angle they can to break in and are constantly adjusting and refining their methods.”
Likewise, Westin stressed that organizations need to focus on critical controls to protect their environment and continuously adapt to stay ahead.
Read More Here…