The Home Depot has been "working around the clock" to find a credit card breach, CEO Frank Blake told an audience at a global retailing conference on Thursday.
Blake said at the Goldman Sachs 21st Annual Global Retailing Conference that Home Depot’s customers would not be liable for any fraudulent credit card transactions related to the breach and that the home improvement retailer would provide free credit monitoring and identity theft protection for its customers "in the event it turns out there was a breach."
Meanwhile, Brian Krebs, a cybersecurity journalist who first broke news of the breach this week, wrote Wednesday on his blog Krebs on Security that the breach could involve nearly every Home Depot store across the country.
Krebs drew that conclusion based upon data he amassed from a cybercrime store that had been responsible for selling many of the cards stolen in the Target data breach late last year. According to a recent post, Krebs examined ZIP code data from two batches of cards presently for sale that at least four banks had tracked back to the Home Depot breach. He then cross-referenced that data with a commercial marketing list showing the location and ZIP code of every Home Depot store in America and found an overlap of more than 99 percent.
Krebs wrote that "experienced crooks prefer to purchase cards that were stolen from stores near them, because they know that using the cards for fraudulent purchases in the same geographic area as the legitimate cardholder is less likely to trigger alerts about suspicious transactions – alerts that could render the stolen card data worthless for the thieves."
According to recent news reports, Home Depot has enlisted Symantec and FishNet Security to help investigate the breach.
Blake also said at the conference that the retailer has already invested in hardware that would make its credit card terminals compatible with new EMV, or "chip and pin," technology, well in advance of the October 2015 liability shift for retailers that do not install EMV compatible technology.
Recent data breaches at Target, Neiman Marcus, Michael’s and more have increased interest in EMV technology. While EMV cards are not totally impermeable to attacks, they are much more difficult and expensive for cyber-thieves to counterfeit.
