The Home Depot Data Breach


The theft of payment card information has become a common issue in today's society. Even after the lessons learned from the Target data breach, Home Depot's Point of Sale systems were compromised by similar exploitation methods.

On September 8th, 2014, Home Depot released a statement indicating that its payment card systems had been breached. According to the statement, the investigation had started on September 2nd, and the company was still trying to determine the actual scope of the breach. Home Depot explained that it would be offering free credit services to affected customers who had used their payment card as early as April of 2014, and apologised for the data breach. The company also indicated that its Incident Response Team was following its Incident Response plan to contain and eradicate the damage and was working with security firms on the investigation.

Unfortunately, the way the attackers infiltrated the POS networks and the way they stole the payment card data were the same methods used in the Target data breach. The attackers gained access to one of Home Depot’s vendor environments by using a third-party vendor’s logon credentials. They then exploited a zero-day vulnerability in Windows, which allowed them to pivot from the vendor-specific environment to the Home Depot corporate environment. Once they were in the Home Depot network, they were able to install memory-scraping malware on over 7,500 self-checkout POS terminals. This malware was able to grab 56 million credit and debit cards. The malware was also able to capture 53 million email addresses. The stolen payment cards were put up for sale and bought by carders. The stolen email addresses were helpful in putting together large phishing campaigns.
  
There were several countermeasures Home Depot could have had in place to prevent the breach, or to detect it sooner and minimize the impact. Home Depot didn’t have a secure configuration of the software or hardware on the POS terminals. There was no proof of regularly scheduled vulnerability scanning of the POS environment. There was no proper network segregation between the Home Depot corporate network and the POS network. The last two controls that were lacking were proper monitoring capabilities and the management of third-party vendor identities and access.

Home Depot did have Symantec Endpoint Protection installed in their environment. Symantec Endpoint Protection (SEP) is an antivirus solution. The problem is that an important feature of the product, called “Network Threat Protection”, was not turned on. Another missing secure configuration was the use of Point-to-Point (P2P) encryption. This allows payment card data to be encrypted at the point of swipe and allows the data to be encrypted in memory. Network segregation is another big gap in this breach.
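The segregation gap described above can be tested against network flow records. The following is an added example, not part of the original post or of any Home Depot investigation material; the zone CIDRs, the allowlist and the flow records are all constructed assumptions.

```python
import ipaddress

# Constructed zone map (assumption): the post names three environments
# but gives no addressing, so these CIDRs are placeholders.
ZONES = {
    "vendor": ipaddress.ip_network("10.10.0.0/16"),
    "corporate": ipaddress.ip_network("10.20.0.0/16"),
    "pos": ipaddress.ip_network("10.30.0.0/16"),
}

# Hypothetical allowlist of (src_zone, dst_zone, dst_port). Any flow that
# crosses a zone boundary and is not listed here is a segmentation violation.
ALLOWED = {
    ("vendor", "corporate", 443),   # vendor portal only
    ("pos", "corporate", 8443),     # POS sends transactions to a payment gateway
}

def zone_of(addr):
    """Map an IP address to its zone name, or 'external' if unmatched."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit_flows(flows):
    """Return flows that cross a zone boundary without an allowlist entry."""
    violations = []
    for src, dst, port in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if sz != dz and (sz, dz, port) not in ALLOWED:
            violations.append((src, dst, port, sz, dz))
    return violations

# Constructed sample flow records: (src, dst, dst_port)
SAMPLE_FLOWS = [
    ("10.10.4.7", "10.20.1.15", 443),    # vendor -> portal: allowed
    ("10.10.4.7", "10.20.9.40", 445),    # vendor -> corporate host: violation
    ("10.20.9.40", "10.30.2.11", 3389),  # corporate -> POS terminal: violation
    ("10.30.2.11", "10.20.1.20", 8443),  # POS -> gateway: allowed
    ("10.30.2.11", "203.0.113.50", 80),  # POS -> outside address: violation
    ("10.30.2.11", "10.30.2.12", 9100),  # inside POS zone: no boundary crossed
]

if __name__ == "__main__":
    for src, dst, port, sz, dz in audit_flows(SAMPLE_FLOWS):
        print(f"VIOLATION {sz}->{dz} {src} -> {dst}:{port}")
```

Run on real flow exports, a non-empty result means the POS zone is reachable in ways the policy does not permit, which is the condition the post identifies as missing segregation.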


The Home Depot breach could have been prevented by taking a proactive approach. Learning how Target was breached in December of 2013 should have immediately prompted Home Depot to assess their environment and address the gaps that existed before becoming compromised.

 


Comments

  1. Data breach of such sensitive content is a serious issue.

  2. The data breach mentioned above could have been prevented if the point-to-point data encryption had been checked, and also the very useful, common thing which we all generally do, that is, Network Threat Protection.
    These issues have been there for a long time and have been increasing every now and then. Such initiatives must be taken which can appeal to people to be careful.

  3. As we're closing in on the fully digitized era, the importance of data security is now of the highest priority.

  4. The company should have considered such a scenario beforehand and upgraded their security levels.

  5. POS networks should be carefully configured, or else their security can be compromised.

  6. Nicely written. The information on the cause, its effects and the solutions to the stated breach of Credit Card Systems of Home Depot are very well segregated in paras for clear understanding.

  7. Such information should be shared as much as possible to make people aware of possible problems, reasons and solutions.

  8. The POS terminals must have secure configurations to avoid such kind of breaches.

  9. Point to point encryption is necessary in case of payment cards to avoid data breaches.

  10. Even with Symantec endpoint protection, the data was compromised!

