If you used a credit or debit card at Home Depot between April and September of this year review your statements, you may be a victim of hacking.
Home Depot confirmed a breach on Sept. 8, after credit card data linked to its customers went up for sale on black-market website Rescator.cc.
As many as 56 million customer cards are at risk making this data breach larger than the 40 million affected by last fall’s breach at Target Stores.
Home Depot could have avoided data breach
The New York Times says Home Depot ignored security warnings from its own computer experts for the past six years.
The Times spoke with former Home Depot cybersecurity employees on condition of anonymity, who reported that multiple serious warnings about the company's lack of computer security went unheeded for years.
“Several former Home Depot employees said they were not surprised the company had been hacked. They said that over the years, when they sought new software and training, managers came back with the same response: “We sell hammers.””
After the Target credit card hack leaked 40 million credit and debit card users' information, Home Depot assembled a team to beef up the company's cybersecurity. In April, Home Depot began utilizing data-scrambling encryption at its point-of-sale equipment. But as the Times explains, that rollout was already behind:
“But criminals were already deep in Home Depot's systems. By the time the company learned on Sept. 2 from banks and law enforcement that it had been breached, hackers had been stealing millions of customers' card information, unnoticed for months. The rollout of the company's new encryption was not completed until last week.”
The hackers used custom-made software to evade detection, relying on tools that hadn’t been used in previous attacks, Home Depot said in a statement. The malicious software, which “is believed to have been present between April and September 2014,” has now been removed from the company’s systems, according to the statement.
If you shopped at Home Depot
It’s become all too familiar — yet another major security breach at one of America’s largest retailers. Hackers get into the network, and are able to use Home Depot’s own system to put malware on each of the registers.
Anyone who swiped their card during this time could have had their credit card number stolen. The hackers were stealing the card almost as quickly as Home Depot was getting it.
Review your card statements every month for any unauthorized charges. Especially keep an eye out for smaller charges. Thieves will charge smaller amounts to test to see if you notice and then charge a larger amount later.
Check your credit report for any accounts that thieves may have opened in your name. Home Depot is offering free credit monitoring and identity protection services to customers. Customers can go to the company's website for more information or call them at 800-466-3337.