UNITED STATES RETAIL CHAIN Home Depot has warned its customers that it is taking reports about a payment data security breach seriously and will, if necessary, offer its customers credit checking and protection services.
Reports portray the security breach as a done deal, but the message from the US do it yourself (DIY) retail firm is 'wait and see', with a whiff of 'don't panic'.
To keep customers updated, we've posted a message about news reports of a possible payment data breach http://t.co/0ohhd4cn3P— The Home Depot (@HomeDepot) September 3, 2014
"We're looking into some unusual activity that might indicate a possible payment data breach and we're working with our banking partners and law enforcement to investigate. We know that this news may be concerning and we apologize for the worry this can create," it said. "If we confirm a breach has occurred, we will make sure our customers are notified immediately."
It helpfully suggests some actions that its customers should take for themselves. The company advises any customers who are concerned about a gap in the Home Depot security fence to monitor their accounts and tell their bank if they notice anything unusual.
At its end, the DIY firm will carry out internal studies and will offer credit protection advice and services. It said that that customers' banks will take the burden of any financial losses.
It added, "We're working hard to get you the information you need as quickly as possible and will continue to provide updates as we learn more."
Consumers and the security industry are getting used to these kinds of alert, and we have seen many companies make similar announcements. According to industry security experts the pickings are so rich that hackers cannot resist the lure of the payment infrastructure.
"Hackers are certainly not worried about any potential changes in our credit card infrastructure. When a fox sees a hen he doesn't think of the eggs," said Russ Spitler, VP of product strategy for Alienvault.
"We are seeing a stark reality of the economic incentives the hackers are exploiting. Major retail chains are easy targets because they have not invested in cybersecurity. Hackers are focusing on retailers because 'that is where the money is' - it is the easiest target with the greatest reward."
Zscaler Labz VP of research Michael Sutton said that US retailers like Home Depot and Target could provide their customers with more protection through the use of "chip and PIN", which is used in the UK.
"Home Depot has joined the not-so-exclusive data breach club," he said. "These breaches could have largely been avoided had US retailers adopted the 'chip and PIN' technology mandated in debit/credit cards in most industrialised countries.
"The technology has not been widely adopted in the US primarily due to lobbying by retailers who were concerned about the cost of implementing the technology." µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted