The data breach which affected the personal information and credit cards of nearly 110 million Target customers last December and ultimately resulted in its CEO, Gregg Steinhafel, resigning five months later, has changed form from big box to home improvement.
Home Depot was reportedly hit by a wave of attacks uncovered last week which affected "nearly all" of the company's stores across the nation -- and according to security consultant Brian Krebs, the attacks utilized an updated strain of the same malware that was deployed in the Target breach.
It is unknown exactly how many customers were affected in Home Depot's data breach, but considering the number of retail stores affected, it's not unlikely that the count could number in the millions. Since the attack used BlackPOS, the same malware used in the Target breach, Home Depot's breach may include credit card numbers, ZIP code data, and other sensitive personal information.
Perhaps more interesting is the potential source of the attacks: the stolen credit card information from the Target breach was sold predominantly on one website, which Krebs says is maintained by a young programmer from Odessa, Ukraine -- a city which for months has been the epicenter of death and violence between Russian separatists and Ukrainian forces. Odessa is noted for its particularly high Russian population, which makes up the largest minority group in the city, and the programmer's personal sites are rife with anti-American rhetoric. Political cartoons depicting America as the firestarter for numerous overseas conflicts, and a particular idolation for the late dictator Muammar Qaddafi, are amongst the commentary presented by the programmer.
It's unknown whether this young man from Ukraine actually created and distributed the malware, but his connection is clear considering the role of his site as a predominant place to obtain stolen credit card data from the breaches. What's more concerning is the apparent susceptibility of major international retailers to malware (potentially) originated by a website run from a war-torn nation.
POS attacks are becoming an increasingly major issue as more and more stores struggle to protect their customers' data privacy and update old, outdated systems. Aside from recent news of major retailers hit by malware attacks, even delivery company UPS has revealed that 51 of its stores were hit by POS malware within the past year.
With official investigations and cautionary statements being released by the FBI in response to wave after wave of POS attacks, it may be worth the time to think twice about swiping your card when you shop at a major store in the future.
Source: Krebs on Security | Image via Shutterstock - Home Depot in Sacramento, CA
31 Comments - Add comment