Home Depot reported Thursday that in addition to the credit card data that was stolen by hackers in September, files containing 53 million emails were included in the breach.
Although stolen email addresses seem less important than payment information, the data breach could produce more fraudulent activity through phishing attacks. Service providers can help educate their customers about recognizing and avoiding email scams.
With the number of recent hacks, it’s not surprising that a recent Harris poll poll found American’s concern over cybersecurity is even higher than worries over national security. The Target incident exposed 70 million accounts and the JP Morgan breach affected 76 million people along with 7 million small businesses. Kmart and Dairy Queen have yet to release the number of customers that were affected in their hacks.
Home Depot’s security team determined that a third-party vendor login was used to breach its network. Once hackers had access they acquired higher administrative rights that allowed them access to deploy malware on the self checkout systems. The method employed to gain access to the network yet again highlights the importance of basic security measures and educating employees to keep login information private.
“…the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot’s security partners,” according to the press release. “As the company announced on September 18, the hackers’ method of entry has been closed off and the malware has been eliminated from the company’s systems.”
“Banks around the U.S. report that the breaches have led to a surge in fraudulent transactions,” according to CBS News. “One credit union in Colorado, the Air Academy Federal Credit Union, said in September that it had blocked about $20,000 in potentially fraudulent activity tied to debit cards compromised in the Home Depot breach.”
Having measures in place to prevent hacking in the first place is the best strategy to prevent leaking sensitive data. In a previous conversation with the WHIR, Andrew Avanessian, EVP of Avecto Consultancy & Technology Services, said there are generally commonalities between the kinds of breaches at companies like JP Morgan, Target and Home Depot. Implementing simple security measures such as administrative privileges and blocking all programs that aren’t whitelisted takes care of most potential security holes. These are among some of the suggestions made by the Council on Cybersecurity.
Home Depot is continuing to offer free credit monitoring services to any customer who used a card at a Home Depot store in 2014.