Home Depot Investigating Potential Breach

I am glad to see that your bank is on the ball, they were pretty quick.

Cash is king! :S
 
http://www.fool.com/investing/dividends-income/2014/03/16/cash-is-king-again.aspx

The following article is a update on Home Depot Breach
(Home Depot completes malware elimination in all U.S. stores)
 
By HNS Staff/ Posted on 19 September 2014.
 
Home Depot confirmed that the malware used in its recent breach has been eliminated from its U.S. and Canadian networks. They completed a major payment security project that provides encryption of payment data at point of sale in the company's U.S. stores, offering.

Roll-out of enhanced encryption to Canadian stores will be complete by early 2015. Canadian stores are already enabled with EMV "Chip and PIN" technology.
 
Help Net Security/ full article here/ http://www.net-security.org/secworld.php?id=17380

@Antus67 wrote:
The following article is a update on Home Depot Breach
(Home Depot completes malware elimination in all U.S. stores)
 
By HNS Staff/ Posted on 19 September 2014.
 
Home Depot confirmed that the malware used in its recent breach has been eliminated from its U.S. and Canadian networks. They completed a major payment security project that provides encryption of payment data at point of sale in the company's U.S. stores, offering.

Roll-out of enhanced encryption to Canadian stores will be complete by early 2015. Canadian stores are already enabled with EMV "Chip and PIN" technology.
 
Help Net Security/ full article here/ http://www.net-security.org/secworld.php?id=17380

 
as always, thank you Anthony!  I'm curious though as to why the Canadian stores have to wait until 2015?
 
@  any ideas?

@ wrote:

@Antus67 wrote:
The following article is a update on Home Depot Breach
(Home Depot completes malware elimination in all U.S. stores)
 
By HNS Staff/ Posted on 19 September 2014.
 
Home Depot confirmed that the malware used in its recent breach has been eliminated from its U.S. and Canadian networks. They completed a major payment security project that provides encryption of payment data at point of sale in the company's U.S. stores, offering.

Roll-out of enhanced encryption to Canadian stores will be complete by early 2015. Canadian stores are already enabled with EMV "Chip and PIN" technology.
 
Help Net Security/ full article here/ http://www.net-security.org/secworld.php?id=17380

 
as always, thank you Anthony!  I'm curious though as to why the Canadian stores have to wait until 2015?
 
@  any ideas?

Because our Credit Cards or Debit Cards have a Chip and PIN security Technology! We are more Secure than our American counter parts.
 
Home Depot says it will complete installing new encrypted terminals at its Canadian stores early next year but added they are already equipped to handle credit cards with embedded chips and personal identification numbers.

http://www.ctvnews.ca/business/home-depot-eliminates-malware-that-affected-56-million-credit-cards-1.2013607  http://www.interac.ca/en/security/what-is-chip 

 

I now have a new visa card with the chip in.....however a lot of stores do not have the scanner for this new security measure yet.

News from this attack will be coming out for a long time yet but the info of how a huge retailer could still be using av software from 2007 does not bode well for the retail industry if there are a lot doing it. I can imagine that there will be a lot now frantically tigtening their systems. Posted on 22 September 2014.Bit by bit, information about the Home Depot security breach is coming to light, and the picture it paints is extremely unflattering for the retailer.

The latest insight comes from former Home Depot IT employees and members of its cybersecurity team, who told the New York Times that the company was lax and slow-moving when it came to setting up defenses against cyber attackers.

The company still uses Symantec antivirus software from 2007; does not perform network monitoring in order to spot unusual behavior; performs system and vulnerability scans irregularly and incompletely - the security staff was even not allowed to scan some systems handling customer information; and, finally, in 2012, the company employed a security engineer that was sentenced this April to four years in federal prison because he was found guilty of disabling the computers of his previous employers. Full Article

To think a retailer is using security software from 2007 is mindblowing,let alone it's Symantec.The threat landscape changes so quickly and the need for new technologies to keep up with the bad guys is paramount.Sadly,in the end,it's all about money,and most businesses do not assign a high priority to investment in IT and security.IT departments in most corporations,from my observation,are overpaid and lazy.They can't even handle updating software or browser plugins.Work finally updated to Win7 mainly because it became more financially feasible than investing in a service contract with MSFT to support XP.We also use Forefront client security which scares me as our IT department can't keep plugins and software updated.I recently checked a pc in work and FOrefront hadn't been updated with new defs in over a week.Whatever policies are in place,they should not be restricting Forefront communication for updates.Multiply instances like this by the millions,and you have a pretty scary landscape.I'm actually kind of amazed that there haven't been more breaches.

Good points there  @ . It is also an insult to the customers who put their trust and faith in these companies who show scant disregard for their private info which they hold. Like you say it is a wonder that have not been more breaches, but there is still time and it would be interesting to hear back from any IT workers are now busy trying to secure the defences of the retailers how bad the situation is.

The sad state of affairs Jeff is money talks.....that is all big business cares about....I learned that from the get go with the company I worked for. They don't care about the employee's well being just how they can line their pockets.

Now serving four year federal sentence, Ricky Joe Mitchell spread viruses as teen.

by Sean Gallagher - Sept 22 2014
 

"We sell hammers" was the justification Home Depot managers gave for cheaping out on security to IT employees.
 
When Home Depot suffered a breach of transaction data that exposed as many as 52 million credit card transactions earlier this year, the company reportedly suffered from lax computer and network security measures for years. Apparently, the company wasn’t helped much by its selection of a security architect either. Ricky Joe Mitchell was hired by Home Depot in 2012, and in March of 2013, he was promoted to the position of Senior Architect for IT Security at Home Depot, in charge of the entire company’s security architecture. In May of 2014, Mitchell was convicted of sabotaging the network of his former employer.
 
Full Article

The following article is a update
Home Depot Breach Cost Company $43 Million in Third Quarter
 
by Dennis Fisher
 
 
The massive Home Depot data breach disclosed earlier this fall involved the theft of 56 million credit and debit card numbers, and now the company has revealed that the incident so far has cost it $43 million.
The costs are the result of both the investigation into the data breach as well as the recovery from it, including hiring security experts to find the details of the attack, bringing in more call center workers to handle consumer questions and paying for credit monitoring, among other things. In a financial filing on Tuesday, Home Depot said that as much as $15 million of those charges could be recoverable through insurance coverage.
 
 
full article