Additional 53 Million Email Addresses Confirmed Lost by Home Depot

  • 7 November 2014
  • 2 replies
  • 706 views

Userlevel 7
Badge +54
And the Data losses from Home Depot keep on growing.
 
Passwords or sensitive data associated with them not leaked
By Ionut Ilascu on November 7th, 2014 "The investigation in the Home Depot security breach that was discovered at the beginning of September revealed that about 53 million email addresses of customers had also been stolen, in addition to the 56 million payment card records previously disclosed.
Until now, details from the ongoing investigation of the event showed that initial illegal access to the Home Depot network was obtained by compromising a third-party’s username and password; the next step was to gain escalated privileges and move through the network.

This allowed them to infiltrate a piece of malware that was believed to be BlackPOS at the beginning. However, although the threat used by the attackers has not been officially confirmed, malware analysts say that a different family may have been used, on account of the many differences found in the way it operates." Full Article.

2 replies

Userlevel 7
Badge +54

"Home Depot…not encrypting the data at all, or using lax encryption standards"

by Cyrus Farivar - Nov 25 2014
 
Home Depot announced that it is facing “at least 44 civil lawsuits” in the United States and Canada stemming from 56 million customers' data being stolen and exposed earlier this year.
 
According to the disclosure, which was published Tuesday as part of the company’s quarterly earnings report, “We are also facing investigations by a number of state and federal agencies. These claims and investigations may adversely affect how we operate our business, divert the attention of management from the operation of the business, and result in additional costs and fines.”
 
Full Article
Userlevel 7
@ wrote:

"Home Depot…not encrypting the data at all, or using lax encryption standards"

by Cyrus Farivar - Nov 25 2014
 
Home Depot announced that it is facing “at least 44 civil lawsuits” in the United States and Canada stemming from 56 million customers' data being stolen and exposed earlier this year.
 
According to the disclosure, which was published Tuesday as part of the company’s quarterly earnings report, “We are also facing investigations by a number of state and federal agencies. These claims and investigations may adversely affect how we operate our business, divert the attention of management from the operation of the business, and result in additional costs and fines.”
 
Full Article
In other words, now that they have been bit by having sloppy IT and not spending enough for it, he is warning investors that profits might go down because they will actually be trying a bit harder to keep things more secure.  
 
Sigh.... 

Reply