Home Depot has yet to confirm the breach, working with law enforcement

Sep 4, 2014 15:03 GMT  ·  By

New information about the cyber-attack on the Home Depot store chain reveals that almost all locations have been affected by a credit and debit card data breach that could be the largest ever.

Card information advertised for sale on Monday on an underground forum was linked by multiple financial institutions to the stores of major retailer Home Depot.

Security blogger Brian Krebs managed to obtain the postal codes for the card data and proceeded to match them against the ZIPs of the Home Depot stores across the US.

“A comparison of the ZIP code data between the unique ZIPs represented on Rescator’s site, and those of the Home Depot stores shows a staggering 99.4 percent overlap,” he found.

Krebs extracted 1,822 codes from the credit card data on sale on the underground forum (rescator[.]cc) and found that there were 1,939 unique ZIPs corresponding to Home Depot locations.

The blogger says that ten of the codes from Rescator’s card data are not associated with Home Depot locations; this means that 99.4% of the codes found on the forum belong represent store locations. Also, 127 ZIP codes of the retailer’s stores were not among the information pulled from the card data.

Comparing the total numbers, results that 93.4% of the Rescator codes actually match Home Depot ZIPs, too high a proportion not to be considered evidence of a breach.

There is speculation that this breach could be many times larger than the one that hit Target last year, where credit and debit card details belonging to 40 million customers were stolen from almost 1,800 stores, in a period of three weeks.

In the case of Home Depot, the financial institutions say that the incident may have occurred in late April or early May this year. With months to extract information from the company’s systems, the theory is plausible.

Home Depot has been alerted by the possible breach and started an investigation into the matter. The company has not yet released an official statement to inform that their systems leaked card information.

However, officials stated that an analysis of unusual activity on their computers is ongoing, in cooperation with law enforcement and banking partners.

“If we confirm a breach has occurred, we will make sure our customers are notified immediately,” a communication from the retailer says.

It is believed that the same actors responsible for stealing card information from Target and P.F. Chang’s PoS systems are behind this incident.

Daniel Ingevaldson, CTO at Easy Solutions, says that no matter the price asked by the crooks for the data, it is likely to come down fast, “as the window of opportunity to profit from stolen cards has shrunk. This has happened because financial institutions have become smarter about dealing with these attacks.”