Home Depot Hack News: 56 Million Cards Compromised in Massive Home Depot Hacking
Home improvement retailer Home Depot has admitted that some 56 million credit and debit cards might have been exposed in a five-month cyberattack on its payment terminals. This has led to numerous fraudulent transactions all over the United States, siphoning off cash from the bank and credit card accounts of customers of the do-it-yourself home repair store.
The Wall Street Journal disclosed that criminals are using information from the compromised cards to buy prepaid cards, electronics and even groceries.
The size of the Home Depot breach is the biggest on record, much larger and longer than the 40 million cards that were compromised in the hacking of Target stores in December 2013.
In some cases, the fraudulent transactions have been tracked to batches of cardholder accounts that are tied to specific ZIP Codes, industry sources said.
They said US financial institutions have begun massive efforts to block dubious transactions. Aside from Home Depot and Target Corp., other merchants like Neiman Marcus Group Ltd., grocer Supervalu Inc. and Asian restaurant chain P.F. Chang's China Bistro Inc. have also been victimized by cyber criminals.
Following the Home Depot data breach, Visa Inc. and MasterCard Inc., the networks that process card transactions, have issued alerts to thousands of financial institutions, telling them to be on the lookout for fraudulent transactions.
The networks said the stolen information included account numbers, cardholder names and card-expiration dates—data needed to produce counterfeit cards.
The Home Depot breach has prompted banks and credit unions to undertake intensive checks of debit-card and credit-card transactions for signs of fraud that could be tracked to the hardware store chain.
Officials revealed that they are having a hard time in investigating the data breach since victimized cardholders might have shopped at more than one merchant that had been attacked, making it difficult to decipher which fraudulent transaction is tied to which breach.
Fraud losses from bank and credit-card accounts amounted to $16 billion in 2013, a 45 percent increase over the previous year's losses, according to Javelin Strategy & Research, a consulting firm.
Banks do not usually penalize customers who have been victimized by unauthorized transactions. But they have to file official documents denying that they made the unauthorized purchases.
Some major financial institutions, including J.P. Morgan Chase & Co. and Capital One Financial Corp., have started issuing new and more secure cards to customers whose data were exposed in the Home Depot hacking. Other lenders also issue new cards when they see fraud attempts.
Sources said many of the fraud or attempted fraud cases are occurring within the U.S.
One of the victims of the Home Depot hacking explained how she came to know about the anomalous transactions.
Jessica McFarland said she was home in Kalama, Washington, one Saturday afternoon when she received a fraud text alert from her credit union, asking if she was buying groceries in San Francisco with her debit card.
The stunned 26-year-old waitress and college student replied that she could not possibly have done that since she was in Washington.
The credit union froze her card, but not before $300 had already been taken away from her account to pay for the groceries. What was more galling was that the thieves were still trying to buy more groceries with her card even while she was reporting the crime to the credit union.