Home Depot data breach – ‘warnings ignored since 2008’

Home Depot staff repeatedly ignored the concerns of employees about the security of its systems, prior to the Home Depot data breach, now thought to be the largest in history, according to a New York Times report. The chain relied on outdated software which was scanned ‘rarely’ by employees.

The data breach involved the theft of 56 million credit and debit card details, Gizmodo reports. The New York Times suggests that, according to some estimates, the card details stolen in the Home Depot data breach could be used to make up to $3 billion in illegal purchases.

ESET’s Lysa Myers offers a guide for customers concerned that their payment card details may have been compromised in the Home Depot data breach here.

Home Depot data breach: Warnings

Speaking on condition of anonymity, several employees from Home Depot’s security team said that the company had been repeatedly warned about the security of its systems, and that the warnings stretched back to 2008, according to Ars Technica.

One employee said his concerns over credit card security at the store were so great he warned friends to use cash, rather than cards, in the store.

Others said that they resigned after they raised concerns over security issues, only to have them dismissed by managers.

Ars Technica reports that the chain hired Ricky Joe Mitchell as its senior IT security architect after he had been fired by Enervest Operating in Charleston, a dismissal he responded to by sabotaging company systems and taking the company offline for 30 days. He remained in charge of Home Depot’s security even after his indictment, until he pled guilty to federal charges in January 2014.

Sweeping changes at chain

Home Depot announced sweeping changes to its payment card security systems after admitting the scale of the breach.

The chain said in an official release, “We also want you to know that we have completed a major payment security project that provides enhanced encryption of payment card data at point of sale in our U.S. stores, offering significant new protection for customers.”

Author , We Live Security

  • Government IT gal

    “Others said that they resigned after they raised concerns over security issues, only to have them dismissed by managers.”
    This is typical of American management *especially* in government. The agency where I work has NO password authentication requirement when people call the help desk for a new password. All it would take to gain access to the network is for someone to call the help desk and ask for a password reset for one of the upper managers who are all domain admins.

Copyright © 2016 ESET, All Rights Reserved.