Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Stolen Home Depot Payment Data Being Used at ATMs

by Fox Van Allen on September 09, 2014

Hand cutting up a credit cardHome improvement giant Home Depot officially confirmed yesterday that hackers breached its payment data systems earlier this year. The company insists that “no debit card PIN data was compromised,” but Krebs on Security is reporting a “steep increase” in fraudulent ATM withdrawals connected with the compromised accounts.

A lot of the details surrounding the Home Depot hack are still murky. We know that Home Depot was made aware of the compromise on September 2, though it appears the company's systems have been vulnerable since April 2014. We also know that the criminals used the same point-of-sale malware in this compromise as was used in last year’s breach of Target’s payment data. An estimated 70 million card accounts were stolen in that particular attack. No numbers have been released on the number of people affected by the Home Depot breach.

PIN data was not taken from Home Depot. But as Krebs on Security notes, there are other roundabout ways thieves can obtain a valid PIN. The criminals buying account data on the black market can trick some banks’ automated systems into resetting card PINs by cross-referencing other stolen data. In short: If you shopped at Home Depot, your card is likely more vulnerable than you think it is.

Home Depot is offering those who have used a credit or debit card as payment at its stores during the compromise free credit monitoring. It’s a good idea to take advantage if you can, but you may want to go a few steps further. We suggest contacting your bank to request a new card and cancel the old one – it could save you a lot of hassle. Consider changing your PIN too, just in case.

Immediately report any suspicious activity on your cards to your bank. You will not be held legally responsible for any unauthorized charges made to your accounts.

You can learn more about the Home Depot payment systems compromise and the company’s free credit monitoring offer by visiting homedepot.com.

[Cut credit card via Shutterstock]


Topics

Computer Safety & Support, News, Computers and Software, Blog, Shopping


Discussion loading

gravatar

From Jeffrey Deutsch on September 11, 2014 :: 9:32 am


“You will not be held legally responsible for any unauthorized charges made to your accounts…”

...as long as it’s a consumer card (or a card for a sufficiently small business—check with your issuer).

And for any fraudulent activity against a business account (eg, hacking the online account), Zero Liability doesn’t apply no matter how small the business.

Too bad, too sad.

And, unlike with Target, guess who makes up a significant portion of Home Depot’s customer base?

Oh yeah, and precisely for that reason banks, in my admittedly limited experience, provide more protections for consumer accounts (eg, two-factor authentication, permitting more complex passwords) than business ones.

I can see lots of building and home improvement contractors having raced to their phones and computers. And over the next few weeks and months, I can see the screams coming loud and long in ways that go beyond the Target breach.

Reply

gravatar

From Josh Kirschner on September 12, 2014 :: 7:21 am


We hadn’t thought about the business angle. And, as a small business ourselves, that’s definitely a cause for concern. There have been some cases recently of small businesses suing their banks for lax security policies leading to electronic fraud but, to my knowledge, most of those suits have not been successful to date.

Reply

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.