The hardware chain settles claims over a widespread data breach that compromised customers’ confidential information.
Home Depot announced it will pay $17.5 million to settle a data breach lawsuit, with 46 states claiming to have been affected. Hackers used a vendor’s username and password to access the hardware store’s network and deployed malware to compromise customers’ payment information. The breach exposed card information from approximately 40 million Home Depot customers nationwide, according to court records. Home Depot has agreed to implement additional data security practices, including providing resources and training, and hiring a chief information security officer.
Brian Krebs, a security reporter, wrote that he suspected that the same malware that hacked Target customers’ accounts had compromised Home Depot’s network. He stated, “At least some of Home Depot’s store registers have been infected with a new variant of a strain of malware known as BlackPOS. This is the same type of malware that was used in last year’s attacks on point-of-sale systems at Target.”
“We don’t really know how it happened, but it may sound like an internal bug,” added Chloé Messdaghi, VP of Strategy, Point3 Security. “If one of those emails got into the hands of an attacker, it’ll be like early Christmas for them. Otherwise, any attacker would have to pay a lot of money for real-time data on actual orders. Home Depot really needs to get in front of it immediately to beat attackers. They need to let their consumers know what to do next – and especially be aware that bad actors may call, email or text, view the last digits of their card and recent orders, and prompt these consumers to click through links that extract valuable information from them, drop ransomware or other malware, or harm others. Merely reporting a violation without informing and avoiding consumers of expected attacks is like diagnosing a treatable disease but withholding possible treatments. It may be cyber misconduct.”
“The Home Depot may have the right hardware for customers, but in this case they lacked the tools to protect their information,” said Dave Yost, attorney general for Ohio, whose state will be awarded $656,210.
“This settlement ensures that companies like Home Depot take the necessary steps to adequately protect consumer data,” said Kentucky attorney general Daniel Cameron, whose state will receive $188,570.
“Companies that collect sensitive personal information from customers have an obligation to protect that information from unlawful use or disclosure,” said William Tong, Connecticut attorney general. “Home Depot didn’t take these precautions.”
Home Depot originally announced, “We want you to know that we have now confirmed that these systems have indeed been breached, which could potentially impact any customer who has used their payment card in our US and Canadian stores as of April.” After the agreement, the chain released a statement entitled “Security is a Top Priority,” saying that it has “invested heavily in further securing our systems since 2014. We are glad to put this matter behind us.”