Home Depot: US states begin probe over huge data breach

  • Published
Home Depot store in MarylandImage source, AFP
Image caption,

The Home Depot breach coincided with a rise in fraudulent debit card fraud, says blogger Brian Krebs

Pressure is mounting on US retail giant Home Depot after what could be one of the biggest data breaches ever.

At least five US states have begun looking into the case, and there are calls in Washington for the Federal Trade Commission to investigate.

Credit and debit card data was taken, and although Home Depot has not said how many people were affected there are reports it runs into several million.

Home Depot confirmed the breach on Monday and apologised to customers.

A spokeswoman for Connecticut Attorney General George Jepsen said that California, Connecticut, Illinois, New York and Iowa would lead a multi-state probe into the breach.

"We have had initial contact with the company," said , director of communications for Mr Jepsen. "We would decline any further comment at this time."

Meanwhile, two Senators, Edward Markey and Richard Blumenthal, have called on the Federal Trade Commission to investigate.

"If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information," the senators said in a statement.

"Such conduct is potentially unfair and deceptive, and therefore could violate the FTC Act."

Home Depot said customers who shopped at its stores as far back as April were exposed to the breach.

Malware

Security blogger Brian Krebs was the first to reveal the hack, external, which he said targeted credit and debit cards used on malware-infected cash registers.

According to the blogger, the Home Depot credit and debit card breach was aided by a new variant of the malicious software program that stole data from cash registers in Target stores around the US last December.

The malware, known as BlackPOS, siphoned data from cards when they were swiped at infected cash registers running Windows.

Meanwhile, Illinois resident Kelsey O'Brien has filed a lawsuit, seeking class-action status, compensatory and punitive damages and credit card monitoring services.

He said he used his credit card at Home Depot and had his personal financial information exposed.

Home Depot said it would cooperate with any investigations, but declined to comment further.