Home Depot confirms data breach, hit by same malware as Target

Home Depot confirms data breach, hit by same malware as Target
Home Depot has confirmed its payment systems have been hacked at nearly 2,200 stores in US and Canada. The stealing-code used for the breach could reportedly point at a Russian connection in the case.

The US’s fourth-largest retailer announced on Monday it investigates five months of transactions now that the cyber-attack was apparent. While the company officials do not specify the possible scale of the damage done, experts believe it could turn out one of the biggest data breaches in history.

"We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred," Chairman and Chief Executive Officer Frank Blake said in a statement. "It is important to emphasize that no customers will be responsible for fraudulent charges to their accounts."

The confirmation came a week after a security blogger Brian Krebs warned that Home Depot stores could be the source of stolen credit and debit card data which went on sale on the black cyber-market - rescator[dot]cc.

That’s the latest in a row of massive data breaches at large retailers in the US in less than a year.

The worst-hit so far has been Target Corp, which revealed in January that hackers stole sensitive data from some 110 million of their customers as part of a pre-Christmas data breach, which also affected Neiman Marcus and Michaels Companies Inc.

Investigators revealed the malware used for hacking Target was one named ‘BlackPOS’ and also known as ‘Kaptoxa’ (‘kartoshka’, or ‘potato’ in Russian). More Russian words were found in the code of the virus.

In August, a Wisconsin-based security firm said that a gang of Russian cybercriminals was responsible for large-scale stealing of internet credentials.

READ MORE: Russian cybergang accused of accumulating most stolen web credentials ever

The code used for stealing the Home Depot customers’ credentials was reportedly a modified version of the one used for the Target data breach. It could not yet be determined though if the attack on Home Depot was carried out by the same gang that stole data from Target.

The code also contained Russian words and included links to a Wikipedia article on a list of wars involving the US and the website for a book titled, ‘America's Deadliest Export: Democracy’, according to the Wall Street Journal, citing an anonymous source close to investigation.

The way the stolen credentials were sold on the black market was one to also suggest a ‘Russian hand’ in the matter.

In what can only be interpreted as intended retribution for US and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards ‘American Sanctions’,” Krebbs writes in his security blog. “Stolen cards issued by European banks that were used in compromised US store locations are being sold under a new batch of cards labeled ‘European Sanctions’.”

Whoever behind the Home Depot breach, it once again showed the US was lagging behind Europe in use of microchips in credit and debit cards, which make transactions more secure. Retailers, banks and card companies have lately been active trying to adopt the technology.

Home Depot has been among them, promising to introduce PIN- and chip-enabled cards at all its US stores by the end of the year.

Now it promises free identity-protection services, including credit monitoring, to any customers potentially impacted in the cyber-attack.