Home improvement giant Home Depot officially confirmed yesterday that hackers breached its payment data systems earlier this year. The company insists that “no debit card PIN data was compromised,” but Krebs on Security is reporting a “steep increase” in fraudulent ATM withdrawals connected with the compromised accounts.
A lot of the details surrounding the Home Depot hack are still murky. We know that Home Depot was made aware of the compromise on September 2, though it appears the company's systems have been vulnerable since April 2014. We also know that the criminals used the same point-of-sale malware in this compromise as was used in last year’s breach of Target’s payment data. An estimated 70 million card accounts were stolen in that particular attack. No numbers have been released on the number of people affected by the Home Depot breach.
PIN data was not taken from Home Depot. But as Krebs on Security notes, there are other roundabout ways thieves can obtain a valid PIN. The criminals buying account data on the black market can trick some banks’ automated systems into resetting card PINs by cross-referencing other stolen data. In short: If you shopped at Home Depot, your card is likely more vulnerable than you think it is.
Home Depot is offering those who have used a credit or debit card as payment at its stores during the compromise free credit monitoring. It’s a good idea to take advantage if you can, but you may want to go a few steps further. We suggest contacting your bank to request a new card and cancel the old one – it could save you a lot of hassle. Consider changing your PIN too, just in case.
Immediately report any suspicious activity on your cards to your bank. You will not be held legally responsible for any unauthorized charges made to your accounts.
You can learn more about the Home Depot payment systems compromise and the company’s free credit monitoring offer by visiting homedepot.com.
[Cut credit card via Shutterstock]