Home Depot confirms data breach, offers identity theft protection and credit …

Home Depot confirmed Monday that it has, indeed, been hacked. The data breach potentially affects anyone who shopped at the chain’s 2,200 stores in the United States or in Canada and paid with a credit or debit card from April on.

Home Depot apologized and is now offering free identity theft protection and credit monitoring to its customers through AllClear ID.

“Last Tuesday, September 2, we disclosed that we were investigating a possible breach of our payment data systems,” Home Depot said in a statement on its website Monday. “We want you to know that we have now confirmed that those systems have in fact been breached, which could potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward.

“We do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com. We apologize for the frustration and anxiety this causes our customers.”

Home Depot previously said there’s no evidence that customers’ debit PIN numbers were stolen. Home Depot has at least 27 stores in Wisconsin.

When the chain first disclosed it was investigating “unusual activity” last Tuesday, Home Depot promised that customers wouldn’t be financially liable for any losses incurred as a result of the data breach. Home Depot or the financial institution that issued the card is financially responsible, the chain said.

Home Depot on Monday reaffirmed the pledge it made last week to offer consumers free identity theft protection in case a breach was confirmed. Consumers aren’t required to take any action right now, but as of Monday, Home Depot customers who shopped at the chain with a payment card from April on can sign up for free credit monitoring and identity theft protection through AllClear ID.

The free offer started Monday and will be valid through Sept. 8, 2015. Consumers are asked to verify that they shopped at a Home Depot store after April 1, 2014, enter their name and email address and watch for a confirmation email. Home Depot said the information captured in the sign-up process will not be used for any purpose other than providing consumers with protection.

Home Depot continues to urge customers to carefully monitor their financial accounts and report any unauthorized charges to the institution that issued the card.

Consumers who discover unusual activity on their accounts can also call (855) 252-0908, where Home Depot promises a “dedicated investigator will do the work to recover financial losses, restore your credit, and make sure your identity is returned to its proper condition.”

American customers can enroll in the AllClear PRO service. Canadian customers can enroll in the Equifax Premier service at any time during the next 12 months.

Brian Krebs, the cyber security reporter who broke the stories about Home Depot and Target, reported Sunday that the data breach at Home Depot appears to have been caused by a variation of the same malware used to steal credit and debit card information for some 40 million Target customers last year. Krebs projected the Home Depot breach could be bigger than the one at Target.

Sources told Krebs that at least some of Home Depot’s store registers had been infected with the new variant of the malware “BlackPOS,” which captures data from cards when customers swipe them at the terminals.

The malware apparently disguises itself as part of the anti-virus software on the machines. Only one of more than two dozen anti-malware programs (McAfee) was able to detect it as malicious as of mid-August, Krebs said.

The BlackPOS malware apparently found on Home Depot’s system was also found on Target’s terminals, he said. Krebs said this is a sign that the same hackers who carried out the Target attack may be responsible for hacking Home Depot.

Another indicator: The stolen credit and debit card information is being sold on the same website.

The criminals responsible for the Home Depot hacking had already put two batches of card info out for sale on the website last week and put another nine large batches of card info up for sale under the name “American Sanctions” in the past few days, Krebs reports. The card info stolen in the Target breach was on sale for about three months after the breach.

As Krebs pointed out in a previous report, the hackers may be sending political signals. He said the malware has links to websites with content accusing America of “fomenting war and unrest in the name of democracy in Ukraine, Syria, Egypt and Libya.”

Consumers with questions can call Home Depot’s consumer hotline at (800) HOME-DEPOT. That’s (800) 466-3337.

To sign up for Home Depot’s free credit monitoring and identity theft protection, visit this website.

You can find some effective tips on how to protect yourself from identity theft in the case of a data breach at the bottom of this Public Investigator story.

Get alerts when the Public Investigator posts updates to this story as well as other consumer stories. Visit the Public Investigator blog at jsonline.com/piblog.

Facebook: fb.me/GitteLaasbyPage

Twitter: @GitteLaasbyMJS

Article source: http://www.jsonline.com/watchdog/pi/home-depot-confirms-data-breach-b99347365z1-274393991.html
