Home Depot breach blamed for sale of millions of US credit card details

3 Sep 2014

The online sale of banking and credit card details of millions of people in the US has been blamed on a suspected data breach at Home Depot that could be bigger than the Target breach earlier this year.

In the last 24 hours, a massive batch of credit and debit card information went on sale on a criminal website, Rescator.cc.

According to Krebs on Security, multiple banks said they are seeing evidence that the home improvement retailer’s stores may be the source of the details.

There are signs the perpetrators may be the same group of Russian and Ukrainian hackers responsible for the security breaches at discount retailer Target and many others, including retailer Sally Beauty and restaurant chain PF Chang’s.

The latest breach, which extends across all 2,200 Home Depot stores across the US, as well as 287 outside the US, is believed to be in response to sanctions by the US and EU against Russia for its actions in Ukraine.

The batch that went up on Rescator.cc were labeled ‘American Sanctions’.

Security analysists have already estimated the breach could possibly end up even larger than the one that affected Target and the 70m credit and banking cards of its customers earlier this year.

Home Depot has confirmed it is investigating the breach and is working with all the financial institutions concerned, as well as law-enforcement agencies. 

Going after the weakest link

Ronan Murphy from Smarttech.ie said the cyber-criminals are using a set of techniques and methods to target the weakest link on the chain. 

“The data for sale includes information that would have come from the magnet strip on the back of credit and debit cards so based on that, there is probably malicious software on the point of sale registers in the stores.

“There is a high possibility that a recently discovered point-of-sale malicious software called ‘Backoff’ was responsible for the breach. The malware was first detected in October of 2013 and was not recognised by antivirus software programs until August of this year.

“It is not known whether the Home Depot breach involved the ‘Backoff’ malware, but we do know that these kinds of data problems are pervasive,” Murphy said.

Home Depot image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years