Home Depot completes malware elimination in all U.S. stores

Home Depot confirmed that the malware used in its recent breach has been eliminated from its U.S. and Canadian networks. They completed a major payment security project that provides encryption of payment data at point of sale in the company’s U.S. stores, offering.

Roll-out of enhanced encryption to Canadian stores will be complete by early 2015. Canadian stores are already enabled with EMV “Chip and PIN” technology.

The company’s investigation has determined the following:

  • Criminals used unique, custom-built malware to evade detection. The malware had not been seen previously in other attacks, according to Home Depot’s security partners.
  • The cyber-attack is estimated to have put payment card information at risk for approximately 56 million unique payment cards.
  • The malware is believed to have been present between April and September 2014.

The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and any terminals identified with malware were taken out of service.

There is no evidence that debit PIN numbers were compromised or that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com or HomeDepot.ca.

What can we learn from the top 10 biggest data breaches?