Home Depot strives to be the top “do-it-yourself” store. The values of Home Depot include: creating shareholder value, entrepreneurship, taking care of our people, respecting everyone, doing the right thing, building strong relationships, giving back, and excellent customer service. Home Depot announced on September 8, 2014 that they had suffered from a cyber-attack that apparently began in April 2014 and was found on September 2, 2014. At least 56 million data about payment cards was at risk.
How It Happened: In 2014, a similar technique of exploitation in a previous target breach used to hack Home Depot’s point-of-sale processes.
The attackers took credentials from third-party vendors to collect credit card data using RAM scraping malware. From April to August of that year, customers who used the self-checkout systems were victims of this breach. In the announcement, Home Depot apologized for the breach, offered identity theft and credit monitoring services to affected customers, and promised their Incident Response Team would do their best to limit the breach’s damage.
Approximately 56 million credit and debit card details and 53 million email addresses were stolen. The Home Depot’s data breach at the time was the largest with the most known data stolen.
Point-of-Sale Infection: RAM / Memory scratching malware was a main component of how hackers gained access to the private and credit card data of millions of customers. This malware uses the vulnerability of POS while operations are being processed. This malware exploits the weakness of point-of-sale during transactions processing. The malware uses a separate registry function to check for Tracks 1 and 2 credit card information.
Data (information on credit cards) is vulnerable for milliseconds when stored in the RAM while the transaction is processed by the backend server. Each time a transaction is processed, a new credit card number enters the RAM while the payment is being processed.
Point-Of-Sale Security: Home Depot had bought software to encrypt credit card information while it was being sent to core computers from POS devices but failed to implement the software. Considering that Home Depot had encountered two small attacks before this violation, their security should have been up-to-date.
Software Security: The issue of anti-virus software in place was one concern introduced to the public’s awareness. Home Depot used Symantec Endpoint Protection 11, released in 2007. Version 11 was not the software’s latest version. Since attackers discover new methods to compromise the network of a company over time, Symantec always recommends using the recent version of their software. Whether or not the new version would have prevented the attack is difficult to tell, but it is always a good practice to stay up to date.