What’s the deal with the Home Depot data breach?

The massive data breach of payment card numbers and other customer details at Target last December raised serious doubts about the security of point-of-sale (POS) systems. And the recent breach of the Home Depot has amplified those concerns, as more and more retailers are owning up to breaches involving POS compromises.

In the Home Depot’s case, the company hasn’t fully disclosed what data was lost or at how many of its more than 2,000 stores — leading to speculation about the size of the breach and whether the same type of malware that hit Target was involved. [UPDATE: Home Depot confirms 56 million payment card numbers were exposed.]

What can consumers and retailers do to stay safe?

The Home Depot dilemma

One of the most startling revelations about the Home Depot breach is that the company’s POS registers were supposedly protected by antivirus software, but to no avail.

How did the attackers get around the Home Depot’s antivirus protection?

Sophos Senior Security Advisor Chester Wisniewski tells Bankinfosecurity.com that determined attackers can craft their malware to evade detection by antivirus software.

“A smart attacker in a targeted environment will always bypass your antivirus,” Chet says.

That doesn’t mean there’s no defense against the type of malware that apparently hit Home Depot POS registers.

Chet explains that an antivirus and firewall can stop the vast majority of “opportunistic” attacks, but stopping targeted attacks (also known as APTs) requires additional layers of security.

Home Depot customers can’t do much apart from checking for fraudulent charges on their credit cards (fortunately, debit card PINs were not stolen in this attack).

As Chet says in a recent episode of the Sophos Security Chet Chat podcast, “As a Home Depot customer myself, I’ll be keeping a close eye on my credit card statements for a while, just to be sure that nobody has run off with my details.”

You can listen to the podcast embedded below — skip ahead to the [9’28”] mark to hear Chet and Naked Security expert Paul Ducklin’s discussion of the Home Depot breach.


Beyond the Home Depot Hype: How to stop credit card thieves and opportunistic malware

Watch Sophos security expert Chester Wisniewski, who recently appeared on ABC News, discuss the Home Depot breach in the webcast below.

Learn not only how to protect credit card transactions, but also how to detect and stop data theft.
