Home Depot has joined the ranks of stores with hacked customer information. Earlier this week the New York Times reported that Home Depot has confirmed a breach, which could affect approximately 60 million people (the Target breach was at least 40 million). The breach occurred from April to approximately the beginning of September. Home Depot claims PINs were not taken, but I would recommend you change yours if you used your card at Home Depot within the last six months.
The Home Depot announcement happened after security website KrebsOnSecurity called it out for not alerting the public as soon as it realized there was a breach. There is already a class-action lawsuit in Georgia for “failing to protect customers from fraud and not alerting them to the breach in a timely manner” and suits filed in Illinois and Chicago appeared this week. While Target’s breach only lasted about three weeks, Home Depot’s has lasted potentially five months… that’s a staggering amount of time for a security breach to go unnoticed. Coupled with the fact the company was not first to report the issue, consumer confidence in Home Depot is low.
Customers want to know retailers are invested in tight security for their financial transactions. Security experts think that it’s a variant of the malware used by the same Eastern European group that has been behind other recent attacks (Target, U.P.S., Sally Beauty, and Michael’s, to name a few). The Department of Homeland Security estimates that over 1,000 businesses have been infected with this malware and may not even be aware of it. A study done by the Ponemon Institute and DB Networks found that only one-third of company computer security systems did continuous monitoring that would alert them to irregular activity, and 22% didn’t monitor at all. Companies need to step up their game in ensuring information security and customers need to remain vigilant in watching over their own accounts.
Please keep this in mind, as so many retailers and consumers will begin the holiday shopping season very soon. If you find fraudulent charges on your accounts, contact the issuing financial institution immediately and monitor your credit reports.