Home Depot latest chain investigating possible breach; Target, DQ make changes


The latest investigation of a customer data breach in the retail world could be even bigger than the one that hit Target last year.

Cybersecurity journalist Brian Krebs, who first reported on Target's breach, now says there's evidence Home Depot stores may have been hit by the same hackers.

Krebs reports Home Depot confirmed Tuesday the company is working with banks and law enforcement on an investigation into whether the payment card information of customers was compromised. The retailer's statement said in part:

"If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”

Minneapolis-based Target is coping with the financial fallout of the breach that compromised debit and credit card numbers of 40 million customers last November and December.

Krebs says his report about Home Depot is based on "a massive new batch" of stolen credit and debit card numbers that were being sold Tuesday on underground websites used by cybercriminals. He says evidence suggests a Home Depot breach may have been going on for months.

The Associated Press reports Target is accelerating its $100 million plan to update security by changing its credit card technology to a chip-based system in all of its nearly 1,800 stores.

The Department of Homeland Security estimated last month that the malicious software known as Backoff may have infected the point of sale systems of more than 1,000 American businesses, many of which may not be aware of it.

SuperValu, the Eden Prairie-based parent company of supermarket chain Cub Foods, announced this summer it is looking into a possible breach that may have occurred during June and July.

Meanwhile, the Pioneer Press reports Dairy Queen, another Twin Cities-based company looking into a possible breach, says some of its locations are adopting "low risk methods" of processing payment cards, while others are accepting cash only.

Next Up