According to a recent news release (via HD corporate), there definitely was a data breach that affected Home Depot’s payment data systems. If you paid with a credit card or debit card at any US or Canadian Home Depot store location, check your statements for potentially fraudulent activity.
Key Points:
The security breach has been officially confirmed.
Advertisement
There’s no evidence that PIN numbers associated with debit cards have been compromised.
Update: It has come to light that enough data was stolen where scammers can bypass or reset PIN numbers to gain access to funds linked to debit cards.
Customers of course won’t be held liable for fraudulent charges.
Home Depot is offering free ID protection and credit monitoring services to any customer that used a payment card at any Home Depot store between April 2014 and whenever the breach or security hole was patched up.
Daniel
Why is it necessary that credit card numbers are stored and kept for long periods of time for in-store point-of-sale purchases? Once the sale is logged and the transaction completed, all records should be wiped. The customer has the receipt and that is it. These data mining hacks would no longer be near as fruitful.
Corey
They have to be kept until the entire system reconciles and submits the CC data to their processor. Fundamentally, you’d be able to wipe the system nightly, but that assumes no errors at all.
Realistically, most large business should be able to clear the data in a week or so if they really crunched it.
Sk
If you have questions regarding the manner in which this took place, it is helpful to go to the source
Krebsonsecurity[com]
This data was ‘scraped’ at the time the card was read at the pos.
Also, if you read today’s post on the link above. You will find that not having pins for debit transactions is really not a problem and it is still possible for someone to drain your bank account
Stuart
Scammers could still make credit card transactions on the debit cards. Definitely still a big problem.
I had my credit card number stolen about 3 months ago. I wonder if it was due to this breach or another.
Clayton M
Mine was just stolen last month. These days, there are breaches at major retailers so often it is hard to identify where our particular compromises have been from.
Sk
It’s worse than that as most of your PCI is readily available and with a zip code ( this is part of the info being sold ) someone can hijack your bank account with 3 of 5 correct answers. As reported on Krebs
Dan
The only real way to stop card fraud is not to use them, but this has become almost impossible. I use cash whenever possible but in reality that is only normal everyday purchases and you do have to give up protection given by the card companies. At least they’re pretty good at sorting it out.
Larson
Guess I’m getting new cards… AGAIN
Hang Fire
Clarification… Customers aren’t liable for fraudulent charges IF THEY FINE AND REPORT THEM IN A TIMELY MANNER.