Home Depot And Target Hit With Identical Malware

Home Depot has confirmed that its payment systems were breached at U.S. and Canadian stores, the retailer said on Monday (Sept. 8).

The breach may have begun as early as April 2014, according to the chain, which is offering free identity protection services and credit monitoring to customers who have shopped at Home Depot stores since April.

The Home Depot breach shows increasing signs of involving the same attackers who stole payment card data from Target point-of-sale systems, Krebs on Security reported.

At least some Home Depot stores were infected with a variant of the BlackPOS malware that was also used in the Target attacks that exposed 40 million customer card accounts, according to a source close to the investigation.

In addition, card numbers that appear to have been stolen from Home Depot systems were being sold on the same underground cybercrime website where millions of card numbers from the Target attack were sold. At least nine large batches of card numbers stolen from Home Depot have been put up for sale over several days, in a pattern similar to several dozen batches of stolen card numbers from Target that were offered for sale over a three-month period.




Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. In the December 2019 Mobile Card App Adoption Study, PYMNTS surveyed 2,000 U.S. consumers for a reveal of the four most compelling features apps must have to engage users and drive greater adoption.

Click to comment