Home Depot has announced that 56 million of its customers cards may have been compromised during the 6 months that their POS terminals had been breached. This makes the Home Depot attack larger than last years credit card credentials theft at Target (40 million cards compromised)during the holiday shopping season. Estimates of the financial damage to Home Depot, for investigation, credit monitoring service, call center staffing and other costs, will run into the tens of millions of dollars, if not more.
As we have stated in earlier articles this just further highlights the vulnerability of retailers payment systems. The good news, at least looking forward, is that Home Depot had already initiated the implementation of a new system to harden the POS defenses. The new system was contracted back in April (while the hackers were already stealing the card info – unknown to Home Depot at the time) and the installation has now been completed. In a recent press release, Chief Executive Frank Blake apologized for the breach and said customers wouldn’t be liable for fraudulent charges.
While the company acknowledged that it suffered a credit and debit card breach in its U.S. and Canadian stores, Home Depot was quick to assure customers and banks that no debit card PIN data was compromised in the break-in. This sounds reassuring but multiple financial institutions are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts. So don’t relax just yet. Home Depot is offering, free of charge to any customer who used his card during this period, identity theft protection. So if you were indeed one of these customers, get yourself registered with Home Depot now. By offering free identity theft protection to customers for one year. The service, through AllClear ID, would normally cost $14.95 a month. Home Depot also promises no customer will be responsible for fraudulent charges. (You can sign up through Home Depot’s web site, www.homedepot.com or by clicking here or by calling Home Depot at 800-466-3337.) You should also immediately contact your bank and request that they issue you a new credit or debit card and cancel the old one. Many banks are re-issuing credit and debit cards that were compromised — some automatically and some only at a customers’ request. But this just the start of what you may want to consider doing to protect yourself if your info was stolen and then sold.
You may want to think about contacting the major credit bureaus and request they freeze your credit files. By doing this, so no new accounts can be opened without your authorization. You obviously should continue to monitor your own accounts for any kind of new or suspicious activity. And watch out for odd emails, letters or phone calls. Even more so than normally, you should be extremely suspicious (boarding on the paranoid) of unexpected emails or calls or letters that ask for personal information or direct you to click on an attached link. People are probably already getting fraudulent emails from thieves posing as Home Depot. If you sign up for the identity theft monitoring through Home Depot, all of their emails will come from [email protected]. But even this is a reason to be careful (don’t relax) as there are, in all probability, thieves already spoofing this. Check the actual sender of the email, not just the name that appears as the sender in your email box. Be careful and verify!