The recent hack of Home Depot’s point of sale computer systems may very well be the largest retail credit card data heist of all time. According to a recent statement from the company, the bad guys made off with “approximately 56 million unique payment cards” between April and September 2014. For comparison, a 2007 breach at TJX (parent company of TJ Maxx and Marshalls, among other stores) exposed data on 45.6 million consumer credit cards. Last year’s Target hack, meanwhile, impacted an estimated 40 million.
Home Depot’s weak point is its self-checkout lanes – it’s where the card-stealing malware appears to have been installed. That actually limited the scope of this attack, even though evidence of compromise was found at approximately 1,700 of the company’s 2,200 U.S. stores. Had all Home Depot payment terminals been affected, stolen card data could have numbered in the hundreds of millions instead.
In the time since the discovery of the malware infection, Home Depot has taken affected terminals offline and implemented new security protocols. The new security system, provided by Voltage Security, Inc., uses enhanced encryption to scramble card information and make the data “virtually useless to hackers.” Home Depot says its encryption has been tested and validated by two independent IT security firms. The company is also on pace to deploy new, safer “chip and PIN” terminals to all U.S. stores by the end of the year. This is all great news to be sure, though it’s cold comfort to those dealing with the fallout of fraudulent credit card charges.
If you’re a Home Depot shopper and have used a credit or debit card at the store between April and September of this year, you’ll want to keep watching your credit card statements for fraudulent charges. You should also consider taking advantage of the free credit monitoring and identity protection services being offered by the company to affected customers. You can learn more by visiting homedepot.com or calling the company direct at 1-800-466-3337.