Home Depot Data Breach Confirmed

September 17, 2014

On September 2, 2014, Brian Krebs first reported that Home Depot may have experienced a security breach. On September 8, 2014, the company confirmed the Home Depot data breach. The data breach may affect anyone who shopped at a Home Depot store in the United States from April 2014 to September 2, 2014. Home Depot’s customers may have been attacked by the same malware that was used in the recent Target data breach.

Home Depot Credit Breach Will Affect a Large Number of Consumers

The breach may affect up to 60 million customers and involve up to $3 billion in fraudulent purchases, according to a credit protection company quoted in CBC News. Approximately 10% to 15% of the debit and credit cards stolen in the Home Depot security breach will be used for fraudulent purchases.

The average fraudulent purchase is estimated to be $332 per debit or credit card. Fraudulent charges on stolen credit cards can range from as little as a few dollars to tens of thousands of dollars. Sometimes stolen debit and credit cards will be used at just one store, while other times thieves will use the cards at multiple stores. Consumers who shopped at Home Depot from April 2014 to September 2, 2014 have been advised by security experts to monitor their credit reports and to check their bank statements for any suspicious charges.


Fraudulent ATM Withdrawals after Home Depot Hacked

Home Depot has stated that no ATM/debit pin numbers were stolen in the breach. Krebs, however, has reported that there appear to have been fraudulent ATM withdrawals using debit card numbers that were stolen in the Home Depot data breach. Krebs stated that there are many websites that list social security numbers, so people who used debit and credit cards stolen in the Home Depot security breach may be able to use social security numbers and other information to reset the pin numbers of stolen cards.

Krebs spoke with an employee at a large West Coast bank who said that thieves took out more than $300,000 in two hours using debit cards that were recently used at Home Depot. Part of the reason that thieves were able to withdraw so much money so quickly is that they called the bank and told them that they needed to raise their card limits because they were traveling in Italy. Consumers who shopped at Home Depot from April 2014 to September 2, 2014 with a debit/ATM card should be on the lookout for fraudulent ATM withdrawals.

Are Home Depot’s Data Security Systems Adequate?

There have been reports that Home Depot failed to adequately protect its customers’ data. Five former Home Depot employees reported to Businessweek that they would grade Home Depot’s security as a “C.” Particularly troubling, the former employees reported that Home Depot did not encrypt its customers’ debit and credit card information. Home Depot was reportedly in the process of upgrading its system to encrypt debit and credit card information, but had not changed the system yet when it was breached.

Home Depot was also reportedly using out-of-date antivirus software that was released by Symantec in 2007. Symantec upgraded its software in 2011. The former employees who were interviewed said that they complained that Home Depot’s software was out of date, but Home Depot failed to update its antivirus software. A former Home Depot manager also said that Symantec ran a “health check” in approximately July 2014 and found that Home Depot’s malware detection was out of date. In July of this year, Home Depot’s data breach was still ongoing.

Attorneys General Launch Home Depot Security Breach Investigation

Attorneys General from many states have announced a multistate investigation into the Home Depot data breach. California Attorney General Kamala D. Harris, Connecticut Attorney General George Jepsen, and Illinois Attorney General Lisa Madigan are leading the multistate investigation. The State of New York and the State of Iowa are also participating in the investigation of the Home Depot data breach.

Home Depot Data Breach Class Action Lawsuit

Gibbs Law Group is interested in hearing from you if you made a debit card or credit card purchase at a Home Depot store between April 2014  and September 2, 2014 and have had unauthorized charges on your account, or have been otherwise harmed by unauthorized access to your account data. Please fill out the form on the right or call toll-free at (866) 981-4800 if you would like to speak to a consumer attorney about the Home Depot data breach class action lawsuit.

The attorneys at Gibbs Law Group work to hold companies accountable for data breach violations. We have represented victims of data breaches in a number of lawsuits, including recent victims of data breaches targeting Certegy Check Services, Adobe, Healthnet, Target and IBM.