by Ralph Eck | Sep 11, 2014
On Monday of this week Home Depot did indeed confirm that its payment systems had been breached and was struggling to define the total magnitude of the breach. The perpetrators of this crime apparently used the same method as was used against Target. In the Target case the breach was discovered after just three weeks and by that time it is estimated that approximately 70 million customers were affected. The current breach at Home Depot was been going on for months, possibly as far back as April of this year, thus an even larger number of accounts and customers may end up being affected.
After the theft of those account credentials at Target last December, the industry had assured that it would be moving quickly to put in place better and more secure systems and processes to protect customer data. Obviously this latest theft exposes the fact that many retailers likely remain vulnerable to hacks, and thus consumers are still experiencing the damage of this risk. Home Depots chief executive has released a statement that said, “We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue. We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.” Home Depot has stated that it is committed to providing free identity protection services to any customer who used a card at its stores since April. At this time the final numbers of customers actually having experienced a theft of their credentials is not determined. Home Depot is one of the world’s largest retailers and has more than 2,000 stores in the U.S., Canada and Mexico. It appears that the stores in Mexico and online transactions have not been compromised. But considering the fact that this period of time was a record spring shopping period for the retailer it is expected that the damages will still be monumental.
Home Depot and Target are not alone in the damages that hackers have been causing of late. Just this week we have also seen press releases reporting the theft of 5 million Gmail account names and passwords and the hack into the USA healthcare site, Healthcare.gov. To keep perspective on this we should point out that Gmail currently has over 500 million accounts so the the theft reported this week affects 1% of this, and apparently the account information being sold online was rather old and the actual number of impacted accounts will probably be in the hundreds of thousands. The Healthcare.gov hack is both troubling and embarrassing for the government as the servers hacked were test servers (that is the good news, if you can say that any of this is good). What is terrible and frightening is that these test servers should not have been connected to the internet, the manufacturers default password was still in use and the servers were not subject to security scans. The troubling part is that this is a website that contains very private healthcare information and the thought that such lack security and basic protection steps is inexcusable.
It seems the list goes on and on. In a recent Forbes article it was reporting the following…
“Bartell Hotels – As many as 55,000 guests who stayed at San Diego hotel chain may have had their credit card data and names compromised. Bartell Hotels’ investigation revealed that an attacker compromised the payment card processing system at five of Bartell’s seven hotel locations between February 16 and May 13, 2014. While the investigation is ongoing, the hotel is urging its customers to check their credit reports and monitor for fraud.
Memorial Hermann Health Systems – For more than six years, an employee at Memorial Hermann Health Systems in Texas improperly accessed health records belonging to 10,604 patients. In a press release on their website, the hospital said it discovered that an employee was accessing electronic medical records on July 7, 2014—and that this had been going on since December 2007. The information breached included health insurance information and some social security numbers. After an investigation, the employee’s access to medical records was suspended. Memorial Hermann says it has privacy training in place for all employees, but the hospital’s privacy policies are now under review.
California State University East Bay – Approximately 6,000 faculty and students at CSU East Bay were notified that their personal information may have been accessed in a website breach a year earlier. On August 11, 2014, the university discovered that faculty and student information had been accessed nearly a year earlier. An investigation revealed that an “unknown third-party broke into a University web server using an overseas IP address and a software tool designed to secretly access information on the server.” Names, addresses, Social Security numbers, and dates of births were accessed from the server which contained employment records and course information.”
It seems that in our digital online world as quickly as new security systems are in place, the cyber thugs are trying new ways to break in. The words of the day are; caution, diligence, hyper security and for goodness sake – change your password periodically and select high rated ones. Don’t make it easy for the thieves.
Category: Articles | Tagged No Comments.