Several weeks ago word started to spread in the cyber security community that yet another big retailer, this time Home Depot, had been hacked. At that time the company said it was looking into the incident. Today Home Depot made it official when the company’s CEO, Frank Blake, admitted that the company had indeed been hacked by person or persons unknown and that the data from some 56 million charge cards had been exposed. While 56 million is not a record loss, it far surpasses the infamous holiday breach of Target in 2013, when 40 million cards were exposed. Right now Home Depot estimates that the cost of the breach will be at least $62 million and may go much higher. The final cost of the Target breach reached nearly $150 million.
According to reports, Home Depot has located and removed the malware that was installed on its systems. The malware was a custom piece of software that went undetected in the company’s systems from April 2014 until its discovery in early September. One would hope that the company was thorough in removing every aspect of the malicious software.
The extended length of time that the malware was in operation is disturbing on several fronts. First, one has to wonder how the malware could have operated for such a long period of time without being discovered – by either some intrusion detection device or through careful monitoring by system administrators. In fact, it wasn’t discovered by Home Depot administrators until they were notified by outside sources of suspicious activity regarding customer accounts (reaffirming that most breaches are detected by an outside source). Second, with all the high-profile breaches in recent months of other retailers such as TJMaxx, Target, Neiman Marcus, Michaels, and Sally Beauty, you would think that every retailer, large and small, would be on high alert for unauthorized intrusion into its network and would have beefed up its security.
These massive cyber breaches are becoming a common occurrence in our daily lives, and the public's yawn factor increases each time it hears that yet another breach has occurred. It appears that despite countless corporate dollars spent on cyber security, clever hackers are capable of finding a way in, around or through cyber defenses. Much like a chess match, for every move there is a counter move, and both sides in this ongoing struggle refuse to give up the match.
We can probably expect more of these massive breaches in the near future, along with growing public apathy about the entire situation. In a sense we are becoming desensitized to the breaches, to the point where the stories no longer excite us and the cyber breaches that once grabbed banner headlines slip below the fold and then back to the financial section of the paper. With so much going on in the world, it is small wonder. We live in interesting times.