September 21, 2014
A major security failure at Home Depot has led to millions of credit card details falling into the hands of hackers. Home Depot says that hackers used custom written malware to attack the store’s registers. However, former Home Depot employees report that, for several years, the company ignored warnings about the potential for just such an attack.
Businessweek reports that former Home Depot employees “describe a work environment in which employee turnover, outdated software, and a stated preference for ‘C-level security’ (as opposed to A-level or B-level) hampered the team’s effectiveness.” It is unclear, however, whether these security issues contributed to the loss of the customer data. Home Depot says that “[t]he hackers used custom-made software to evade detection, relying on tools that hadn’t been used in previous attacks”
Whoever is really to blame for the security failure, the hackers’ malware remained on at least some Home Depot registers between April and September 2014, and 56 million consumers are at risk as a result. Consumers who shopped at Home Depot within the effected period should carefully check their credit card statements for suspicious transactions (more from the FTC) and be aware of the signs of identity theft (FTC).