According to Krebs on Security numerous banks reported seeing evidence that Home Depot stores could be the source of a massive new data breach. A huge batch of stolen credit and debit cards went on sale yesterday in underground cyber crime websites. Home Depot spokesperson Paula Drake confirmed that the company is working in concert with banks and law enforcement agencies to investigate the suspicious activity.
Reading from a prepared statement Drake stated; “I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate. Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
The data stolen from Home Depot is for sale on rescator.cc, the same site that posted Target stores stolen data. According to Krebs this may indicate the same group perpetrated both breaches. The batches for sale were named “American Sanctions” and “European Sanctions.” Krebs speculated the hack may have been retribution by Russian hackers in response to sanctions imposed on Russia for its actions in Ukraine. The Home Depot breach may go back as far as April, suggesting it could be an even larger breach than Target’s.
Home Depot said it would make sure customers are notified if the company identified a breach.
For more information please see