Home Depot Breach Estimated to Cost $62M
September 22, 2014
When the Target (News - Alert) data breach took place in 2013 organizations around the world received a wake-up call that highlighted the threat they face in today's digital environment. However, security experts continue to see complacency among organizations of all sizes when it comes to implementing the most robust system available in the marketplace for reducing the risks of such breaches. In fact, security firms have been sounding the alarm before and after the Target event, but their calls for action seem to have fallen on deaf ears. Unfortunately, it appears that an even bigger event is needed to get the attention of everyone. That is what happened with the recent Home Depot breach.
The numbers in the latest compromise of a major retailer are substantial. According to Home Depot’s press release, around 56 million payment cards were possibly compromised in a cyber-attack that took place in the US and Canada. If accurate, this would be the largest such data breach in history. Just by way of comparison, the Target breach was responsible for the theft of 40 million payment card numbers as well as 70 million pieces of customer data which cost the company $148 million, the resignation of its CEO as well as a negative customer perception of the company, which may prove to be even more costly in the long run.
Home Depot for its part estimates this incident will cost the company $62 million so far. It is also possible that the breach could be higher as more information comes to light. According to an article written by Jim Finkle and Nandita Bose on insurancejournal.com, they believe insurers will absorb some of the costs of this loss, as the company also stated it believes $27 million of the amount will be paid for by insurers.
Once the full scope of the monetary damage has been assessed, Home Depot and its insurers will determine how much of the loss it will be liable for. However, until that time the company must prepare itself for the inevitable deluge of lawsuits that will surely come its way. will determine
According to the company criminals used custom-built malware to steal the information between April and September 2014.
“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements. The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores,” said Home Depot in the press release.
The enhanced encryption technology is being provided to Home Depot by Voltage Security (News - Alert), Inc and has been validated by two independent IT security firms. Although the project to deploy the platform was launched in January 24, the rollout was not completed in US stores until September 13, 2014 and it will be completed in stores across Canada by early 2015.
If all goes according to plan the new payment security protection will lock down payment data through enhanced encryption, which takes raw payment card information and scrambles it to make it unreadable and virtually useless to hackers, this according to Home Depot.
Edited by Peter Bernstein
Article comments powered by