Home Depot And Target Hit With Identical Malware

Home Depot has confirmed that its payment systems were breached at U.S. and Canadian stores, the retailer said on Monday (Sept. 8).

The breach may have begun as early as April 2014, according to the chain, which is offering free identity protection services and credit monitoring to customers who have shopped at Home Depot stores since April.

The Home Depot breach shows increasing signs of involving the same attackers who stole payment card data from Target point-of-sale systems, Krebs on Security reported.

At least some Home Depot stores were infected with a variant of the BlackPOS malware that was also used in the Target attacks that exposed 40 million customer card accounts, according to a source close to the investigation.

In addition, card numbers that appear to have been stolen from Home Depot systems were being sold on the same underground cybercrime website where millions of card numbers from the Target attack were sold. At least nine large batches of card numbers stolen from Home Depot have been put up for sale over several days, in a pattern similar to several dozen batches of stolen card numbers from Target that were offered for sale over a three-month period.




New PYMNTS Report: The CFO’s Guide To Digitizing B2B Payments – August 2020 

The CFO’s Guide To Digitizing B2B Payments, a PYMNTS and Comdata collaboration, examines how companies are updating their AP approaches to protect their cash flows, support their vendors and enable their financial departments to operate remotely.

Click to comment