Home Depot May Be the Latest POS Malware Victim

Home Depot confirmed that it is investigating "some unusual activity" and working with banking partners and law enforcement.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Home Depot security

U.S. home improvement retail giant Home Depot could potentially be the latest victim of a data breach at its stores.

"At this point, I can confirm that we're looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," a Home Depot spokesperson wrote in an email to eWEEK. "Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers."

The spokesperson added that if Home Depot does confirm that a breach has occurred, the company will make sure customers are notified immediately. "Right now, for security reasons, it would be inappropriate for us to speculate further," the spokesperson wrote.

Data breaches at retailers have been a growing concern in 2014, and if the Home Depot breach is, in fact, confirmed, the retailer will join other big-name companies.

On Dec. 9, 2013, Target first publicly revealed that it had been the victim of a data breach, which now carries a price tag of $148 million. Neiman Marcus followed in January with a public disclosure that it, too, had been breached. Restaurant chain P.F. Chang's admitted on June 12 that an attacker had breached its systems.

More recently, package delivery firm UPS disclosed on Aug. 20 that 51 of its stores had been breached.

In many of those cases, it is suspected that a retail point-of-sale (POS) malware, known as Backoff, is the root cause. The U.S. Secret Service estimates that Backoff has hit upward of 1,000 retailers. It's not yet clear if Home Depot is one of them.

What is clear is that retail security is under attack like never before and big-name retailers are at risk.

For vendors, the solution to this problem is multifaceted, but it begins with ensuring that systems are not just Payment Card Industry Data Security Standard (PCI DSS) compliant at a certain point in time, but are actually adhering to PCI DSS best practices every day.

For consumers, the only solution is vigilance.

"Consumers with a Home Depot credit account should log in to their account, change their password, and check the Account Activity section for any suspicious transactions," Dan Waddell, director of government affairs at (ISC)2, said in an email to eWEEK.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.