We previously discussed on this blog early indications that Home Depot may have been the latest major retail chain to fall victim to a large-scale data breach. Last Monday, the home improvement company confirmed the report, saying that the cyber attack on its payment processing systems may date back to April of this year.
An unnamed source tells The New York Times that hackers may have stolen more than 60 million credit card numbers - even more than those lost in the infamous Target data breach of 2013, in which 40 million card numbers were compromised.
In a publicly released statement, the company says that anyone who used their credit card at a Home Depot store in the United States or Canada since April may be a victim. Representatives say that, as far as they know, online customers or those shopping at the chain's Mexico locations were not affected. They also say that they do not believe that the cyber criminals were able to obtain debit card PIN numbers.
Cyber security blogger Brian Krebs was the first to break the story of the Home Depot data breach, nearly a week before the company provided official confirmation. Krebs reports that the malicious software used to hack Home Depot is an updated version of the malware seen in the Target breach, prompting speculation that the same group of criminals is behind both attacks.
Security experts say that this latest breach is yet another reminder that no retailer, bank or health care provider is immune to cyber criminals' increasingly sophisticated attacks.
"Any organization connected to the debit and credit card ecosystem faces constant and evolving threats," Retail Industry Leaders Association Sandy Kennedy tells The Times. "The public and private sector must continue to work together to improve debit and credit card security, identify threats and share information to best defend against cyber attacks."
Consumers must also take an increasingly proactive and aggressive approach to help protect themselves from identity theft. Over the last year, the public has repeatedly witnessed the vulnerability of even the world's largest and most powerful companies when it comes to data protection. It's time to take ownership of your own security and take concrete steps to guard your privacy.
Whether or not you have reason to believe you were directly affected by the Home Depot data breach, you should regularly and carefully monitor your bank and credit card statements and other financial records. We recently discussed a study from the Ponemon Institute that found identity thieves have compromised the personal information of nearly one in two American adults. Many analysts say it's not a question of if you will be victimized - it's a question of when.
Remember that everyone in the United States is entitled to one free credit report a year from the three major credit bureaus - TransUnion, Experian and Equifax. It's also highly advisable that you invest in a credit monitoring service to provide you further security. While such services cannot guarantee that you will not become the target of identity thieves, they will alert you to certain activity that may indicate fraud. Once you are aware, you can take action to stop criminals from running up debt under your name, preventing serious damage to your credit.