On September 2nd, news outlets began reporting a massive data breach affecting customers who shopped at Home Depot’s brick and mortar stores since April of this year. As with previous cyber attacks targeting Albertson’s, Neiman Marcus, Michael’s, P.F. Chang’s, and SuperValu, the Home Depot breach resulted from point-of-sale systems infected with malicious software designed to swipe sensitive data from credit cards used at affected registers. Unlike last year’s widely reported Target hack, which resulted in the theft of 40 million credit and debit cards from nearly 1,800 of its stores over a period of three weeks; the Home Depot breach remained unnoticed for nearly five months, and appears to have hit nearly all of Home Depot’s 2,200 stores. According to Internet fraud expert Brian Krebs, who first reported the breach, if the preliminary data is accurate, the Home Depot hack is likely to be many times larger than Target’s. Credit protection firm BillGuard estimates that the final cost of this latest data breach will be between $2 billion and $3 billion (USD).
The data breach at Home Depot is only the latest in a string of cyber attacks to be reported by the national media, all of which are believed to be the work of the same group of Russian and Ukrainian hackers.
- In September 2013, hackers swiped personal data, account passwords, and credit card information from an estimated 152,000,000 Adobe customers.
- The Target hack occurred between November 27th and December 15th, 2013.
- Neiman Marcus reported that data from 1.1 million credit cards was stolen between July 16th and October 30th, 2013.
- 54 stores belonging to craft supply retailer Michael’s and its subsidiary, Aaron Brothers were affected from early-Summer 2013 to late-Winter 2014.
- 180 SuperValu-owned grocery stores were compromised between June 22nd and July 17th, affecting customers in 18 states.
- In addition to SuperValu, customers of grocery chain Albertson’s and its subsidiaries were affected in 24 states.
As of now, the attack on Home Depot appears to be the worst of these data breaches; but certainly not the last; and as similar incidents occur with greater frequency, the question becomes not whether you will be affected, but when. If you’ve shopped at one of Home Depot’s brick and mortar stores in the last five months—or if you just want to know what steps to take to avoid being the victim of credit card fraud and/or identity theft—there are a few steps you can take.
First, check your bank and credit card statements carefully. Security experts and credit card issuers are quick to remind consumers that they are not liable for fraudulent charges made on their accounts; but not all of these charges will be detected. Sites that sell stolen credit card information typically include the cardholder’s zip code and other sensitive personal information to allow their customers to make large purchases without raising raising red flags.
Check your credit report; but avoid sites that charge a fee to provide you with this information. According to U.S. law, you are entitled to one free credit report from each of the three major credit bureaus—Equifax, Experian, and TransUnion. Request a report every four months, each time from a different bureau, either directly from the bureau’s website or at www.annualcreditreport.com. Monitor your credit report for unauthorized accounts or credit cards opened without your knowledge.
Verify your address with the postal service and all of the financial institutions with which you do business. Identity thieves have been known to fill out change of address forms for their victims to ensure that delinquent credit notices remain undetected for as long as possible.
Regularly change your passwords on e-mail accounts, as well as financial institution and retail websites. Select a unique password for each account, and make sure it includes both lower- and upper-case letters, numbers, and special characters. Never use the same password for multiple sites; and avoid accessing your online accounts from publicly accessible computers.
Be wary of unsolicited e-mails or phone calls informing you that your credit card information has been stolen. Scam artists will take advantage of the panic that follows a major data breach by asking victims to verify their personal information, user id, and password; either over the phone, or on a website designed to be virtually identical to a site that you may frequent.
Shred your bank statements, credit card bills, and any other document containing personal information that could be used to steal your identity. Criminals have been known to commit hacks via social engineering, armed only with the information on a victim’s credit card billing statement.
None of these steps is, by itself, sufficient for protecting yourself against credit fraud; but regularly performing these actions as a matter of personal financial maintenance can significantly minimize the damage of identity theft. As an added measure of security, Home Depot has followed in Target’s footsteps by offering their customers one free year of identity protection services; but until major retailers take steps to ensure that these data breaches don’t happen again, consumers should be ready to make a habit out of protecting their own information.