Home Depot hires security firms to investigate suspected breach
September 4, 2014 10:22 AM
Sept. 4 (Bloomberg) -- Home Depot Inc., the largest home-improvement chain, has enlisted Symantec Corp. and FishNet Security Inc. to help investigate a suspected data breach after learning of the possibility earlier this week.
Home Depot is working with the companies and other top information-security firms to review the situation, Paula Drake, a spokeswoman for the Atlanta-based retailer, said yesterday, without confirming that an intrusion has occurred. “Our forensics and security teams have been working around the clock since we first became aware of a potential breach Tuesday morning,” she said in an e-mail.
Home Depot is No. 16 in the Internet Retailer Top 500 Guide. The home improvement retailer did $2.758 billion in web sales in 2013—an increase of 53.75% from 2012.
Home Depot first announced that it was investigating the incident on Sept. 2, saying it was working with banks and law enforcement to figure out what happened. The disclosure followed a report by KrebsOnSecurity that a “massive” batch of stolen credit- and debit-card information was posted for sale online, possibly obtained from Home Depot stores.
“There is no higher priority for us at this time than to rapidly gather the facts so that we can provide answers to our customers.” Drake said yesterday. “We know these types of incidents can cause frustration and concern and we apologize for that.”
The probe follows a flurry of data-security failures. Last week, Bloomberg News reported that JPMorgan Chase & Co. and at least four other banks were targeted by hackers in a coordinated attack. Celebrities relying on Apple Inc.’s iCloud service to store photos also had nude pictures stolen and posted online in recent days. Over the past year, retail chains such as Target Corp., Supervalu Inc. and Neiman Marcus Group Ltd. have all endured attacks.
Home Depot shares fell 2.4 percent to $89 in New York yesterday, following a drop of more than 2 percent the previous day. The incident has also prompted credit-card issuers such as Citigroup Inc. to step up efforts to protect customers.
Kristen Batch, a spokeswoman for Mountain View, California- based Symantec, confirmed that the company was working with Home Depot. She declined to comment further. John Van Blaricum, vice president of marketing at Overland Park, Kansas-based FishNet Security, also declined to comment.
The suspected breach may have occurred in late April or early May and could encompass almost all of Home Depot’s roughly 2,200 U.S. stores, according to Brian Krebs, the founder of KrebsOnSecurity. That means it could be much larger than the Target incident, he said.
“The criminals are getting smarter faster than the companies,” said Jaime Katz, an analyst at Morningstar Inc. in Chicago. “If it is something on the scale of Target, there is obviously significant concern.”