Home Depot Data Breach Case Study

Case Study: The Home Depot Data Breach
1. Security Problem/Incident
The theft of payment card information has become a common issue in today’s society. Even after the lessons learned from the Target data breach, Home Depot’s Point of Sale systems were compromised by similar exploitation methods. The use of stolen third-party vendor credentials and RAM scraping malware were instrumental in the success of both data breaches. Home Depot has taken multiple steps to recover from its data breach, one of them being to enable the use of EMV Chip-and-PIN payment cards. Is the use of EMV payment cards necessary? If P2P (Point-to-Point) encryption is used, the only method available to steal payment card data is the installation of a payment card skimmer.
Unfortunately, the way the attackers infiltrated the POS networks and the way they stole the payment card data were the same methods used in the Target data breach. The attackers were able to gain access to one of Home Depot’s vendor environments by using a third-party vendor’s logon credentials. Then they exploited a zero-day vulnerability in Windows, which allowed them to pivot from the vendor-specific environment to the Home Depot corporate environment.
Payment card information is sold by cyber-criminals frequently. In more recent retail breaches, they have been able to steal payment card information from millions of customers and sell it online in what is known as the “Darknet.” Once the cyber-criminal has stolen the payment card information, there is a process that takes place in order to put the information up for sale on the Darknet and for the cyber-criminals to make money. The first step in the process is selling the payment card information to brokers. The brokers buy the payment card information in bulk and sell the information to “carders” on carder websites. The definition from “How ‘carders’ trade your stolen personal info” says, “Carders are the people who buy, sell, and trade online the credit card data stolen from phishing sites or from large data breaches at retail stores”. An example of a carder website is Rescator, shown in Figure 1 below (Lawrence, 2014). As you can see, the site has full search capabilities based on the type of card you are searching
