A number of banks have reportedly identified signs that Home Depot retailers across the globe may have suffered a data breach, after a batch of cards went up for sale on a cybercriminal underground forum, KrebsOnSecurity reported.
On September 2, banks found a batch of credit cards claimed to be from the large home improvement and construction retail chain Home Depot.
Home Depot spokesperson Paula Drake confirmed to Krebs that the company was investigating a breach at Home Depot:
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Drake said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
The attackers behind the Home Depot data breach are the same collective of Russian and Ukrainian hackers behind the breaches at Target, Sally Beauty, P.F. Chang’s and a number of other high-profile companies. The same black market that sold the previously breached cards is housing the two most recent batches of cards believed to be connected to Home Depot.
The group selling the cards has dubbed its newest United States batch “American Sanctions,” and the batch of cards issued by European banks and compromised in the US breach “European Sanctions.”
Home Depot operates over 2,200 stores throughout the United States and also operates 287 locations outside the U.S., including Canada, Guam, Mexico, and Puerto Rico. While Home Depot has not released any information on how many stores may have been affected in the breach, ZIP codes for breached stores were published on the forum selling the cards.
Krebs reported that a total of 1,822 ZIP codes were published on the black market, and Home Depot operates locations in 1,939 unique ZIP codes (the company owns ~2,200 stores, so it is safe to assume that some ZIP codes contain more than one Home Depot store). The black market listed only 10 ZIP codes that did not correspond with Home Depot’s nearly two thousand ZIP codes.
Only 127 ZIP codes where Home Depot has locations were absent from the black market listing, which means not all stores may have been breached. Rescator, the black market holding the cards, has released only a small portion of the cards believed to be breached, meaning more ZIP codes could surface in the coming days and weeks.
Krebs found that a staggering 99.4 percent of the ZIP codes overlapped with those where Home Depot operates. The company has only said it is investigating “unusual activity” and working with law enforcement on an investigation. Home Depot has set up a page regarding the ongoing investigation.
Krebs cross-checked the data with multiple sources, who confirmed it and stated that a 99.4 percent overlap strongly suggests a connection to Home Depot locations. For anyone who wants to check the breached Home Depot locations, Krebs has set up a .txt page on his website with all public ZIP codes.
To pile on the bad news, one bank reported that the breach could date back to April or early May, meaning this breach lasted far longer than most high-profile data breaches. The Target data breach impacted 1,800 stores, lasted for three weeks and compromised nearly 40 million debit and credit card numbers. If the breach is connected to Home Depot, it could be far more severe and make the Target breach appear quite small.