Home Depot may be the latest retailer to suffer a costly data breach, and if early indications are correct, the hackers may have been on the home giant’s network longer than hackers were on Target’s systems, and a greater number of consumers may be at risk.
A Home Depot representative confirmed that the retailer is seeing “unusual activity” on its network and has engaged law enforcement and its banking partners in an investigation.
“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately,” said Paula Drake, Home Depot’s manager of corporate communications, via a statement sent to Threatpost. “Right now, for security reasons, it would be inappropriate for us to speculate further. We will provide further information as soon as possible.”
Security website Krebs on Security reported that two large bundles of credit cards today went on sale on the rescator[dot]cc card forum, the same underground credit card market that sold numbers stolen in the Target, P.F. Chang’s and other breaches.
Reporter Brian Krebs wrote that the gang may be the same group responsible for the massive Target breach that occurred during the 2013 holiday shopping season and resulted in 40 million payment card numbers being stolen along with 70 million personal information records. The Target breach began on the day before Thanksgiving and was detected on Dec. 15, a much shorter time frame than early reports indicate for the Home Depot breach.
A number of banks are telling Krebs that the breach dates as far back as April and that all 2,200 Home Depot locations in the U.S. could be involved. By comparison, there are 1,795 Target locations in the U.S.
A rash of data breaches has been reported of late, all with a common link: vulnerable point-of-sale systems hosting malware that steals payment card data before it is encrypted and sent off to a payment processor. United Parcel Service (UPS) reported Aug. 20 that 51 of its stores were infected with card-stealing malware. On Aug. 15, nationwide supermarket chains Albertsons and SUPERVALU announced a breach going back to June.
A recent Kaspersky Lab research examination of two command and control servers used by the Backoff point-of-sale malware revealed that a U.S.-based Mexican restaurant chain, a North American freight shipping company and a North American payroll association had also been breached.
The breaches prompted the U.S. Secret Service last week to warn of a spree of point-of-sale attacks affecting more than 1,000 businesses. Backoff has experts concerned because it’s effective in swiping customer credit card data from businesses using a variety of exfiltration tools, including memory (RAM) scraping techniques, keyloggers and injection into running processes.
A report from US-CERT said attackers use Backoff to steal payment card information once they’ve breached a remote desktop or administration application, one that’s using weak or default credentials that tumble in a brute-force attack.
Hackers then install Backoff on a point-of-sale device, injecting the code into a running process in order to scrape credit card numbers from memory before they’re encrypted on the device.
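A defender-side check for the entry vector US-CERT describes, as an added example that is not part of the original article: it flags a source address that accumulates failed remote logons and then succeeds. The log layout, threshold, time window and sample records are constructed assumptions; the Windows Security event IDs 4625 (failed logon) and 4624 (successful logon) are real.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from any real incident), one per line:
# timestamp, Windows Security event ID, logon type, source address, account.
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); failed RDP attempts are often logged as type 3
# (network) when Network Level Authentication is enabled, so both are counted.
SAMPLE_EVENTS = """\
2014-08-01T02:10:01 4625 3 203.0.113.7 admin
2014-08-01T02:10:09 4625 3 203.0.113.7 admin
2014-08-01T02:10:17 4625 3 203.0.113.7 pos
2014-08-01T02:10:25 4625 3 203.0.113.7 pos
2014-08-01T02:10:33 4625 3 203.0.113.7 backup
2014-08-01T02:10:41 4625 3 203.0.113.7 backup
2014-08-01T02:10:49 4624 10 203.0.113.7 backup
2014-08-01T08:00:05 4625 10 198.51.100.20 manager
2014-08-01T08:00:30 4624 10 198.51.100.20 manager
2014-08-01T09:00:00 4625 3 192.0.2.50 clerk
2014-08-01T11:00:00 4625 3 192.0.2.50 clerk
2014-08-01T13:00:00 4624 10 192.0.2.50 clerk
"""

def parse(text):
    """Turn the whitespace-separated sample format into typed tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, event_id, logon_type, src, user = line.split()
            events.append((datetime.fromisoformat(ts), int(event_id),
                           int(logon_type), src, user))
    return events

def find_bruteforce_then_success(events, threshold=5,
                                 window=timedelta(minutes=10)):
    """Alert when a source logs on after >= threshold failures in the window."""
    failures = defaultdict(deque)   # source address -> recent failure times
    alerts = []
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type not in (3, 10):
            continue
        recent = failures[src]
        while recent and ts - recent[0] > window:   # expire old failures
            recent.popleft()
        if event_id == 4625:
            recent.append(ts)
        elif event_id == 4624 and len(recent) >= threshold:
            alerts.append((src, user, len(recent), ts.isoformat()))
            recent.clear()
    return alerts
```

Counting failures per source address rather than per account catches attempts that rotate through several account names, as the first source in the sample does.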