Home Depot confirms data breach, hit by same malware as Target

A Home Depot store is seen in New York, in this file image from August 18, 2008. (Reuters/Shannon Stapleton)RT

Home Depot has confirmed its payment systems have been hacked at nearly 2,200 stores in US and Canada. The stealing-code used for the breach could reportedly point at a Russian connection in the case.

The US’s fourth-largest retailer announced on Monday it investigates five months of transactions now that the cyber-attack was apparent. While the company officials do not specify the possible scale of the damage done, experts believe it could turn out one of the biggest data breaches in history.   

We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred,” Chairman and Chief Executive Officer Frank Blake said in a statement. “It is important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”

The confirmation came a week after a security blogger Brian Krebs warned that Home Depot stores could be the source of stolen credit and debit card data which went on sale on the black cyber-market – rescator[dot]cc.

That’s the latest in a row of massive data breaches at large retailers in the US in less than a year.

The worst-hit so far has been Target Corp, which revealed in January that hackers stole sensitive data from some 110 million of their customers as part of a pre-Christmas data breach, which also affected Neiman Marcus and Michaels Companies Inc.

Investigators revealed the malware used for hacking Target was one named ‘BlackPOS’ and also known as ‘Kaptoxa’ (‘kartoshka’, or ‘potato’ in Russian). More Russian words were found in the code of the virus.

In August, a Wisconsin-based security firm said that a gang of Russian cybercriminals was responsible for large-scale stealing of internet credentials.

The code used for stealing the Home Depot customers’ credentials was reportedly a modified version of the one used for the Target data breach. It could not yet be determined though if the attack on Home Depot was carried out by the same gang that stole data from Target.

The code also contained Russian words and included links to a Wikipedia article on a list of wars involving the US and the website for a book titled, ‘America’s Deadliest Export: Democracy’, according to the Wall Street Journal, citing an anonymous source close to investigation.

The way the stolen credentials were sold on the black market was one to also suggest a ‘Russian hand’ in the matter.

In what can only be interpreted as intended retribution for US and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards ‘American Sanctions’,” Krebbs writes in his security blog. “Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labeled ‘European Sanctions’.”

Whoever behind the Home Depot breach, it once again showed the US was lagging behind Europe in use of microchips in credit and debit cards, which make transactions more secure. Retailers, banks and card companies have lately been active trying to adopt the technology.

Home Depot has been among them, promising to introduce PIN- and chip-enabled cards at all its US stores by the end of the year.

Now it promises free identity-protection services, including credit monitoring, to any customers potentially impacted in the cyber-attack.

http://rt.com/usa/186224-home-depot-data-breach/

3 thoughts on “Home Depot confirms data breach, hit by same malware as Target

  1. I don’t shop there anymore anyway. They put my local hardware and lumber yard out of business essentially. I had better service and overall was cheaper anyway to deal with a family owned business in the long run.

  2. Home Depot was founded by Arthur Blank and Bernard Marcus in 1978 with startup investment assembled by banker Ken Langone. Blank, Marcus, and Langone are now all billionaires.

    Blank, owner of the Atlanta Falcons, is a Jew. His company, AMB Group, provides investment services. The Arthur M Blank Family Foundation, among other initiatives, supports education strategies and access to healthy food (this is from internet bios, not my wording).

    Marcus, also a Jew, is cofounder of Israel Democracy Institute and the Marcus Foundation (medical research, free enterprise, and Jewish causes).

    Langone, a Roman Catholic, attempted to buy the New York Stock Exchange in 2005. He was a codefendant in 2004 with Richard Grasso over the $139.5 million benefit package given Grasso on leaving the NYSE. Langone was knighted by Pope Benedict XVI (Joseph Ratzinger) into the order of St Gregory.

    Blank, Marcus, and Langone are “signatories” to The Giving Pledge, an organization founded by Bill Gates and Warren Buffet, which campaigns focus on billionaires giving 50% of their wealth to “philanthropy” (no doubt regular people would have an entirely different definition of what is termed philanthropy by this organization). The list of The Giving Pledge signatories is at http://en.wikipedia.org/wiki/The_Giving_Pledge.

    Chairman and CEO of Home Depot is Frank Blake. The career of Blake, an attorney and alumnus of Harvard and Columbia Law, includes clerking for Supreme Court Justice John Stevens, general counsel for the EPA, deputy secretary for the US Department of Energy, VP for General Electric, board member of the electric distribution company Southern Co., a trustee for Enterprise Foundation (“making sure every American lives in a decent, affordable home”), Hands On Network of which Neil Bush is also a member (to “inspire, equip and mobilize volunteers to take action that changes the world”), and on the board of directors for Hudson Institute (a “conservative” think tank).

    With the above background on all these individuals, I’m left wondering if the data breach was really an outside hack (or crack in correct terminology) or if it was in some way an inside set up to further the progress of chip applications, especially since the only losers here are the “little” people shoppers. Make of it what you will.

  3. So…..

    1. The Russians did it? Bahahahaahhaha!!! What happened to ISIS? Oh wait! Mossad must have not taught them how to use a computer yet.

    Unfrigginbelievable…..It’s true what they say, “America: We’re looking for a Few Good Scapegoats”. As usual, America ALWAYS needs an enemy?

    Next week, it will be the Chinese and then maybe the Germans. Basically, everyone but the REAL hackers/terrorists which are the CIA/Mossad and our treasonous government itself. Pathetic. As always, the REAL enemy is from within.

    2. Because the code contained “some Russian words”, it is all of a sudden assumed that it was the Russians and not some CIA operation in which a CIA operative could have easily inputted a few Russian words to make people think that it was the Russians and by the way, WHERE IS THE PROOF? Any footage or snapshots of that code?

    3. Because the latest hacking at Home Depot contained was a modified version of it that also had “some Russian words”, it is all of a sudden assumed that it was the Russians and not some CIA operation?

    4. ““We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred,” Chairman and Chief Executive Officer Frank Blake said in a statement. “It is important to emphasize that no customers will be responsible for fraudulent charges to their accounts.””

    Yes, and since the government is labeling this an International hacking, NO ONE will be held accountable for it and everyone’s information will be stolen and there’s nothing anyone can do about it, which is just what our treasonous government wants.

    5. This will happen more and more just like I said after the Target hacking because 1. They have not, cannot and will not catch these hackers and 2. they need this in order to create their “problem, reaction, solution” scenario in order to get businesses to switch their machines and information over to a more “secure” system which will most likely rob you of more of your privacy rights (if we have any anymore) and make you use a fingerprint ID or some other form of Identification which of course WILL NOT fix the problem that the machine was HACKED and that the criminals are still out there. Once again, imposing something that will cure the symptoms of the problem but not the ROOT of the problem.

Join the Conversation

Your email address will not be published. Required fields are marked *


*