account-1778_640Home Depot announced recently that a security breach at its United States and Canadian stores over a six-month period may have leaked card information belonging to up to 56 million people.

If those figures can be confirmed, it would be one of the most damaging in a string of attacks that has targeted debit and credit card information in the past year. Other retailers have been feeling the sting of similar attacks. Target announced that during 2013, an attack may have compromised as many as 40 million cards. It was later revealed that in addition to card information, personal information was compromised for as many as an additional 70 million customers.

The Cost To Home Depot

Analysts believe that the total cost of the Home Depot breach, when it comes to a final accounting, could end up being several hundred million dollars. To add insult to injury, the Hope Depot breach appears to have been facilitated by malware loaded on the retailer’s POS systems.

Although the investigation is ongoing, analysts believe the attack can be traced back to cyber-criminals in Eastern Europe. The last few years have seen a surge in the number of cyber-attacks emanating from that region of the world. Global security strategists point out that hackers follow the money. Although they may not have access to sophisticated technology, they are very detail oriented and plan and execute attacks that can be devastating for businesses.

Are People Becoming Used To Cyber Attacks?

Unlike the Target breach in 2013, customers seemed to take the breach in their stride, with many of those polled saying that they would continue to shop with the home improvement giant. Analysts note that this may be, in part, due to the fact that home improvement shoppers don’t have as many options as those affected by the Target breach. An additional factor in the Home Depot breach is that nearly half of their sales are accounted for by professionals and contractor services, sectors of the market who tend to be very loyal. It isn’t uncommon for those buyers to make several purchases per week.

Customers may also be growing jaded following a string of breaches in recent years. Michaels, SuperValu, Sony, TJ Maxx, and Neiman Marcus have all reported security violations in which customer data was disclosed to unauthorized parties in the past five years.

The Clean Up

Investigators reported that the custom-built malware that enabled the attack allowed it to evade detection once it had been implanted in the company’s network. Home Depot has stated that the malware was removed from all of its systems and that the infected terminals have been removed.
Home Depot initially reported that the data breach cost an estimated 62 million dollars. However, an exhaustive investigation will take months to complete and is likely to drive that cost estimate considerably higher. It could be years before the full impact on Home Depot’s profitability is known.

“We apologize to our customers for the inconvenience and anxiety this has caused and want to reassure them that they will not be liable for fraudulent charges,” Chief Executive Frank Blake said in a statement about the security breach.