Home Depot’s investigation of a suspected hacker attack is renewing pressure on retailers and credit-card providers to strengthen payment-system security.
The nation’s largest home-improvement chain said Tuesday that it was working with banks and law enforcement on the possible incursion, following a report by KrebsOnSecurity that a “massive” batch of stolen credit- and debit-card information was posted for sale online.
The probe comes a week after Bloomberg News reported that JPMorgan Chase & Co. and at least four other banks were targeted by hackers in a coordinated attack. Celebrities relying on Apple’s iCloud service to store photos also had nude pictures stolen and posted online in recent days, showing that both corporations and individuals need to tighten security practices. Target, Supervalu and Neiman Marcus are among retail chains that have recently been attacked.
“The criminals are getting smarter faster than the companies,” said Jaime Katz, an analyst at Morningstar in Chicago.
The suspected Home Depot breach raises fresh questions about retailers’ slow adoption of “chip and PIN” technology, which makes cards more secure, said Michael Sutton, vice president of security research for San Jose, California-based cloud-computing company Zscaler.
“Retailers are now seeing firsthand why the technology is necessary and how technology costs pale in comparison to the direct and indirect costs associated with a major data breach,” Sutton said.
Credit card networks have set an October 2015 deadline for most U.S. merchants to upgrade their payment systems.
“The technology has not been widely adopted in the U.S., primarily due to lobbying by retailers who were concerned about the cost of implementing the technology,” Sutton said.
The suspected breach at Home Depot may have occurred in late April or early May and could encompass all 2,200 of the company’s stores in the U.S., said Brian Krebs, the independent journalist who uncovered the hacker attack at Target last year. That means it could be larger than the Target incident, he said.
Paula Drake, a spokeswoman for Atlanta-based Home Depot, said Tuesday that the company hadn’t yet established that a breach had occurred.
“We’re looking into some unusual activity,” she said. “We are aggressively gathering facts at this point while working to protect customers.”
The company posted a note to shoppers on its website, urging them to monitor their accounts and report suspicious activity.
“If we confirm a breach, we will offer free identity protection services, including credit monitoring, to any potentially impacted customers,” the company said. “We’re working hard to get you the information you need as quickly as possible and will continue to provide updates as we learn more.”
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.