In a detailed account of Home Depot's breach, The Wall Street Journal disclosed that the compromised credit cards and emails could have been stolen as a result of a Windows vulnerability in the retailer's main network.
Attackers reportedly gained credentials from a third-party vendor and then navigated through the vendor's system and Home Depot's secure network by exploiting the vulnerability.
Microsoft issued a fix for the security lapse after the breach had already begun, and the retailer installed it, however at that point, it was too late.
The article went on to say that a company IT employee purchased two dozen secure iPhones and MacBooks for senior executives after news of the breach broke.
The new devices were reportedly identified as “bat phones,” which some news sites have interpreted as a loss of trust in the retailer's Microsoft-based systems.