Bad news for Home Depot as the company presumably prepares to issue some serious apologies: a recently reported credit card data breach could quickly surpass Target‘s nightmare to become the biggest in history.
Over the last few days, thousands of fresh credit and debit card numbers have surfaced on so-called carding sites, which are websites where stolen credit card data is sold…So far, all roads point back to Home Depot. And if the evidence uncovered so far proves to be valid, the hack could top the record-setting breach of Target’s network last December.
It gets worse.
From security blogger Brian Krebs, who first broke both stories:
“…the breach could affect most of the retailer’s 2,200 stores, which is about 400 more than the Target breach.”
The worst part is that nearly four months passed between the time this breach occurred and the company confirming it. For Target, the time was three weeks.
This canned statement is the best that Home Depot’s PR department can do for now:
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate. Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
Just as Target emerged from the crisis with a new CEO and a new CISO to help repair its rep on the security front, so we expect some executive changes at Home Depot — the sooner, the better.
Do they really have any other options?
The lesson couldn’t be clearer for corporate clients: have a data breach crisis plan in place or else.