IT Blogwatch Security

Home Depot lost 53 million email addresses (this POS story isn't getting any better)

Beware of phishing email 'from' Home Depot


Our friends at Home Depot are giving more details about the big break-in. Among the sorry story of stolen card details is the revelation that HD also leaked customers' email addresses.

Oh, brother. In IT Blogwatch, bloggers hope their spam filters are up to the task.

curated these bloggy bits for your entertainment.

Good morning, blogwatchers. Here's Shelly Banjo, who... [Just shut up and get on with it -Ed.]

Home Depot Inc. said hackers got into its systems last April [but now says] the breach was worse than earlier thought...around 53 million customer email addresses were stolen as well. ... They can be used by hackers hoping to trick people into giving away more sensitive information.

Frank Blake, who retired as chief executive last month as scheduled, has conceded the company needs to place greater emphasis on data security...“Our security systems could have been better.” [It] had just gone through several years of upgrades to computer systems that Mr. Blake acknowledges were desperately out of date. ... It took months to get the project rolling, people familiar with the matter said.

Blake, who remains chairman of Home Depot’s board [said] “We believed we were doing things ahead of the industry.”  MORE

Email addresses? So what? Greg Kumparak knows what's what. What?

Remember that Home Depot hack? ... Of course you do. ... Alas, things are a bit worse than previously believed.

“Who cares!” you say. “They already have my credit card number, what’s the big deal [about an] email address?” ... Everyone gets phishing emails. ... It’s not every day where the phishers also have access to a once-valid credit card number to help them in their trickery.  MORE

So Paula Rosenblum, a retail analyst, analyzes thuswise:

The new details...about its data breach tell us a lot. ... Retailers have no choice. They must assume the perimeters of their computer networks WILL be breached.

It’s easy to point fingers at the retailers themselves — the industry has a reputation for being tight with their capital expenditures. [But] the inexcusable part of this story is that the crooks stayed in Home Depot’s system for five months [before] they were finally noticed.

[Here's] one thing retailers must do to keep their data safe: Create...honey pots [which] are fake servers which seem to have the right name, and a lot of activity, but really only serve to lure crooks [to] reveal themselves. From there, it’s just a matter of time until the authorities grab them.  MORE

Mike Lennon has been shopping for vegetables. He wants us to give peas a chance: [You're fired -Ed.]

Additional details [just confirmed]:
  • Criminals used a third-party vendor’s user name and password to enter the perimeter of [the] network.
  • The stolen credentials alone did not provide direct access to the company’s point-of-sale devices.
  • The hackers acquired elevated rights that allowed [them to] deploy unique, custom-built malware on its self-checkout systems. ...
The home improvement giant previously stated it will roll out EMV 'Chip and PIN' to all U.S. stores by the end of this year. [It] expects to pay roughly $62 million this year to recover from the incident.  MORE

But Paul Haas thinks that's small beer:

$62 million [for] exposing the details on 56 million credit cards. That's only $1.11 per exposed card.

My Credit Union sent me a new card, plus two other physical letters about the incident. That had to cost them more than $1.11.  MORE


You have been reading IT Blogwatch by , who curates the best bloggy bits, finest forums, and weirdest websites… so you don't have to. Catch the key commentary from around the Web every morning. Hatemail may be directed to @RiCHi or Opinions expressed may not represent those of Computerworld. Ask your doctor before reading. Your mileage may vary. E&OE.
