Plus a special bootcamp offer
Hello, Hoodies!
We’re continuing our History of Hacking series with another major data breach – Home Depot.
Not quite as iconic as the Target hack but one we can still learn from (see last week’s post).
Before we dive in, we still have seats left to the Zero to Hoodie Cybersecurity Bootcamp.
We took the best parts from the first cohort and made it EVEN BETTER.
Get your seats here:
https:// bowtiedcyber.gumroad.com/ l/bootcamp
Or upgrade to a PAID HOODIE in the STACK and start your cyber career for just $20/month. Includes FREE discord access when you sign up:
We have options around here 🙂
Now let’s learn about an epic failure!
Home Depot Hack: Biggest Store Data Breach Explained
More than fifty million people had their personal information compromised due to the Home Depot hack in 2014. A hacker used malware to infiltrate self-pay kiosks and stole customers’ names, email addresses, credit card numbers, security codes, and expiry dates.
The massive distribution center came under fire for its slow response to the security breach. The time it took to notify the breach violation impacted customers and the relevant authorities. Additional information suggests that the hacker gained access to Home Depot’s system by using fraudulent vendor credentials that were acquired to install the malware.
When did the Data Breach Occur at Home Depot?
Both the United States and Canada were affected by the data breach at Home Depot between April 2014 and September 2. The malware was planted on the self-checkout machines, and the crooks used this vulnerability to steal the names and bank card information of almost 50 million clients.
Investigators strongly suspect that a variation of the malware (BlackPOS) that was used to break into Target was also responsible for stealing millions of credit cards from Home Depot.
Data Breach Cost $179 Million to Home Depot
The data leak at Home Depot was a massive deal. The most significant breach of retail customer data involved a point-of-sale system that had been revealed.
The cost of the retail data breach is about $179 million, but this amount does not include all of the legal expenses that Home Depot must pay, nor does it include any settlements that have not been made public.
The ultimate cost of the data breach at the retail establishment will be far higher, and it is likely to exceed $200 million.
Stolen Credit Cards
It was discovered that malicious software had been downloaded, which enabled hackers to steal over 50 million credit card details and over 53 million email addresses belonging to Home Depot consumers.
In December 2018, Home Depot agreed to compensate affected consumers for the breach by paying out $19.5 million in damages. The reimbursement incorporated the costs associated with offering credit monitoring services to people with compromised personal information.
Home Depot Official Statement
In addition, Home Depot must have forked over at least $134.5 million to credit card issuers and other institutions. Because of the most recent settlement amount, financial institutions and credit card firms will be able to file claims for a maximum of $2 per stolen credit card without having to provide evidence of the damages they incurred. If banks can demonstrate losses, they will be paid for up to sixty percent of such losses.
How did Hackers Attack Home Depot?
According to an internal investigation conducted by Home Depot, the intruders gained access to the company’s computer networks in a novel and unexpected manner.
The intruders indirectly gained access to the system; they did so by stealing a password from a Home Depot vendor, which is a business that Home Depot collaborates with.
The Attack was an Inside job
Hackers acquired access to the Home Depot’s network through the back door and compromised the account of a refrigeration business. Then they used that company’s electronic invoice submission to access Home Depot’s network.
As soon as the hackers had their foot in the system (thanks to the stolen password), they began acting like criminals at night, slipping through weak “doors” and determining what types of internal activities they could tamper with.
They eventually ran into the core of the Microsoft-based computer operations, which was a roadblock to further progress. Because the program included a security flaw, the hackers could exploit it and obtain access to Home Depot’s whole operational system.
Once the hackers had gained access to the system, they began their covert operations, which included stealing data, gathering data, passing it outside to their designs, and deleting their steps without being discovered.
These activities were carried out during regular business hours. It’s incredible how well they integrated themselves with the rest of the business.
Home Depot’s Response to the Unfortunate Event
Home Depot made several significant efforts to make things right for its consumers, even though it is difficult to restore the damage done.
Free credit card monitoring and identity protection: They offered free credit monitoring and identity protection services to any customers affected by the data breach, established a dedicated call center to answer questions, and provided fraud assistance teams to assist people in dealing with any fraudulent activity that may have occurred as a result of the breach.
Consumer data encryption: Encrypting consumer data at every point of sale and strengthening Home Depot’s overall security posture are two new security measures introduced throughout the retailer’s shops.
How can Businesses like Home Depot prevent Data Breaches?
“Because security requires heavy investments, it is highly unlikely that Cyber attackes go away anytime soon. There is a serious need to upgrade payment technology that people have been talking about but are far from implementing and the consequences are very clear”
To prevent such heavy data breaches happen, businesses should;
Introduce security measures, like:
Usage of secure passwords
Encryption and regulation of data
Network compliance with anti-virus, firewalls, up-to-date firmware, anti-malware and others
Periodic network scans should be conducted
Implement Security policies on the use of mobile devices and other systems.
Train all the staff to follow these policies.
Ensure a contingency plan if their data security measures are breached.
Prepare a data breach response plan
Consider all the procedures, entities to contact during such incidents, and the way organizations will communicate with the customers.
Having a data breach incident response plan in place is one of the most critical things a company can do to prepare for a data breach.
Bottom Line
The Home Depot hack reminds us that we all need to be vigilant about our online security. However, it’s also a lesson on how companies can rebound from data breaches. Home Depot has been working hard to improve its security measures and is now considered one of the most secure online retailers. We can learn from their example and make sure that our businesses are prepared for when (not if) something happens.
That’s all for this one.
Keep grinding, Hoodies.
WAGMI
Your fren,
-Cyber
