Hackers owned Home Depot's networks for five months

If the growing list of companies reporting massive data
breaches makes you start to think the Internet criminals are winning, you're
right. Exhibit A is the disclosure by Home Depot in a November
6, 2014, press release that crooks extracted customer information from the
company's network on a daily basis for five months before they were detected in

The breach that gave hackers unfettered access to Home
Depot's networks -- including the point-of-sale terminals that collected
customer credit-card information -- started through the company's network for
third-party vendors. Once they gained access to that system, the hackers made
the jump to Home Depot's internal networks, where they ran wild. In addition to
the financial information they stole, the bad guys collected 53 million email

As Forbes' Paula Rosenblum explains in a November
6, 2014, article, the network was infiltrated despite Home Depot complying
with the Payment Card Industry Data Security Standard (PCI-DSS). Target
likewise was in compliance with PCI-DSS guidelines when its network was hacked
in 2013. In both cases, the thieves gained access via the companies' vendor

This is far from the end of such attacks on retailers' data
networks. Companies have to assume their networks have been breached and will
be breached again. Their focus must be on limiting the damage when breaches
occur, primarily by encrypting data, continually monitoring for abnormal
activity on their networks, and implementing more stringent access controls on
their most sensitive data.

What can you do to protect yourself as the holiday shopping
season approaches? Rosenblum lists several precautions consumers can take:
1) Don't use debit cards -- credit cards offer better
protections against loss due to theft of your account information.
2) Use PayPal, Apple Pay, or a similar service that doesn't
expose your credit-card number to retailers. Use cash rather than credit when
making purchases in stores.
3) Shop online rather than at brick-and-mortar stores. In
the U.S., online breaches are less prevalent than in-store breaches.
a shopping-only email address that won't jeopardize your contacts should it get
stolen and the account subsequently hacked.