Home Depot is the latest retailer to begin investigating a possible data breach.
“At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” according to a statement emailed to SCMagazine.com on Tuesday by Paula Drake, a Home Depot spokesperson.
Citing his correspondence with several banks, Brian Krebs reported on Tuesday that a large number of payment cards recently made available for purchase on an underground marketplace may be tied to Home Depot stores. While it is unclear, initial analysis indicates the breach could have impacted all 2,200 Home Depot stores in the country, and may have dated back to late April or early May, Krebs wrote.
“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers,” according to the Home Depot statement. “If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further.”
Compromising only a single point-of-sale (POS) device can enable an attacker to gain access to a retailer’s infrastructure and steal payment card data, Nick Levay, CSO at Bit9, told SCMagazine.com in a Tuesday email correspondence.
“Typically, most organizations rely on traditional anti-virus to protect endpoint devices,” Levay said. “The strategy of blocking only what’s known to be bad has hit a brick wall, and the paradigm needs to be flipped. A more effective way of [securing] endpoint devices is to ensure that only known good can run. This is most often called default-deny or whitelisting.”
These types of incidents tend to go on undetected for so long due to a lack of visibility and “eyes on the glass,” Levay said, adding, “You’ve got to be collecting the right telemetry, and you’ve got to have analysts tracking change to the environment and monitoring alerts.”
On Tuesday, Home Depot shares fell about 2 percent to $91.15.
UPDATE: Home Depot has been working with Symantec and FishNet Security as part of an ongoing investigation, according to a Wednesday statement emailed to SCMagazine.com by Paula Drake, a Home Depot spokesperson. “It’s important to note that in the event we determine there has been a data breach, our customers will not be responsible for any possible fraudulent charges,” according to the statement, which goes on to add, “We will also offer free identity protection services, including credit monitoring, to any potentially impacted customers.”