Home Depot Lost 53 Million Email Addresses On Top Of All That Credit Card Information
Remember the 56 million credit and debit cards Home Depot lost earlier this year? If you're nodding vigorously because you were one of the unlucky customers affected, sit down — things are about to get worse. Home Depot also compromised 53 million email addresses that may be used by hackers for various phishing scams and other illegal, duplicitous activity. But there is a silver lining — according to the statement Home Depot released on Thursday, hackers did not manage to make away with "passwords, payment card information or other sensitive personal information."
The same malware that was used to extract credit and debit card information was also used to obtain customers' email addresses, the retail giant said. Hackers managed to gain access to Home Depot's internal systems by way of a third party's credentials, which have since been eliminated. The data breach was one of the largest of its kind and used a type of malware not previously used in any other security hacks. Those responsible for the breach managed to access information by installing their program on self checkout machines used across stores in the United States and Canada. The Home Depot has since cleared its system of the problematic software and made considerable revisions to its security measures, including "enhanced encryption of payment data" which will made available to all stores in the US and Canada by early 2015.
In their statement, the retailer noted that the latest information to arise from the data breach, though somewhat frightening in sheer volume, will probably be rather irrelevant in the grand scheme of things. Said Home Depot,
In all likelihood this will not impact you. But, as always, it’s important to be on guard against phishing scams that are designed to trick you to provide personal information in response to phony emails.
Even so, customers are urged to stay vigilant about potential schemes that may result from the compromised information. For example, Home Depot notes, "It is important not to give out personal information on the phone, through the mail or on the Internet, unless you have initiated the contact and are sure of who you’re dealing with." In 2013, phishing resulted in a total loss of about $5.9 billion over the course of 450,000 attacks, so it is critical for consumers to remain on the lookout for potential scams.
Moreover, Home Depot notes, "You should not click directly on any email links if you have any doubts about whether the email comes from a legitimate source." Unfortunately, some of the most elaborate phishing attacks are phenomenally well-executed, taking familiar company logos, content and other information to create convincing messages aimed at unsuspecting customers. It is estimated that for every 100,000 targets, around eight take the bait and open dangerous emails.
Phishing is also particularly dangerous because of how cost-effective it is for hackers and other criminals to run them. A mass phishing attack — which targets a large number of users randomly — costs only $2,000 to complete, and even the more sophisticated spear phishing attacks — which specifically targets a smaller number of people — costs around $10,000. And each successful victim of these attacks can make criminals as much as $2,000 or $70,000 respectively. So stay wary, Home Depot customers.
Of course, the home improvement seller isn't the only major retailer that has been plagued with security issues this year. Target also suffered a huge blow near the beginning of the year when they lost a stunning 40 million credit and debit cards along with personal data of around 70 million customers. As a result of both of these breaches, customers have reported seeing a higher number of spam emails, though it seems that most have been careful to avoid them.
Then there was also the JPMorgan hack, which compromised the data of 76 million households, proving that no industry is safe from these attacks. The American government has also fallen victim to cyberattacks, reigniting Cold War-esque fears about Russian technological capabilities. Over the last year alone, the arts and crafts centered Michaels Stores, department store Neiman Marcus and restaurant chain P.F. Chang's have all been victims of hacking, and each reported that credit card information was the main draw for criminals.
As the instance of these attacks continues to rise, a greater push has been made for Americans to implement the chip and PIN system used by Europeans that many believe would greatly reduce credit card theft and fraud. Whereas our current system relies on a magnetic stripe, a swipe and a signature to verify purchases, the chip and PIN system is a tap-and-go that requires a unique PIN for authorization. This would make fraud much more difficult, as forging a signature is much easier than guessing a multi-number password. But despite its proven success in Europe, Americans remain reluctant to make the switch, citing the high cost of implementing new card readers, the possibility of criminals finding a way around the system and liability issues as reasons to stay with the tried and not-so-true.
Regardless, something's gotta give because otherwise, Home Depot and others are just going to keep losing our information.
Images: Getty Images (4)