It appears that Home Depot's security breach woes aren't over yet. The company announced yesterday that in addition to the 56 million credit card accounts that were compromised, hackers gained access to about 53 million customer email addresses in its April breach.
Two months of in-depth investigation by the company, third-party security experts and law-enforcement agencies revealed the extent of the breach, and it is now clear that Home Depot's systems were invaded using the methods leveraged in the Target attack.
"If we rewind the tape, our security systems could have been better," Former Home Depot CEO Frank Blake told the press. "Data security just wasn't high enough in our mission statement."
The hackers apparently gained access by using login credentials gleaned from a third-party vendor, then jumping into the company's internal systems by taking advantage of a vulnerability in Microsoft's framework. Microsoft did issue a patch that Home Depot applied, but at that point hackers were already able to gain entrance to point of sale systems.
The cyber-criminals seemed to target 7,500 of the store's self-checkout lanes, because they were clearly labeled as points of sale. The other 70,000 cash registers, however, were only labeled by number, thereby eluding the hackers' notice.
The criminals were able to operate for five months undetected, because they operated during normal business hours and erased their tracks as they funneled information out of the main system.
The company is now warning customers that hackers could use their personal email addresses to launch phishing campaigns, sending out emails pretending to be official institutions and asking individuals to click on a link or offer their login or personal information.
Don't let your company be caught off guard. Upgrade your credit card payment processor today for maximum security and minimal anxiety.