Preview

Home Depot Data Breach Case Study

Good Essays
Open Document
Open Document
598 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
Home Depot Data Breach Case Study
Case Study: The Home Depot Data Breach
1. Security Problem/Incident
The theft of payment card information has become a common issue in today’s society. Even after the lessons learned from the Target data breach, Home Depot’s Point of Sale systems were compromised by similar exploitation methods. The use of stolen third-party vendor credentials and RAM scraping malware were instrumental in the success of both data breaches. Home Depot has taken multiple steps to recover from its data breach, one of them being to enable the use of EMV Chip-and-PIN payment cards. Is the use of EMV payment cards necessary? If P2P (Point to-Point) encryption is used, the only method available to steal payment card data is the installation of a payment card skimmer. …show more content…
The unfortunate thing is the way the attackers infiltrated the POS networks and how the attackers were able to steal the payment card data, were the same methods used in the Target data breach. The attackers were able to gain access to one of Home Depot’s vendor environments by using a third-party vendor’s logon credentials. Then they exploited a zero-day vulnerability in Windows, which allowed them to pivot from the vendor-specific environment to the Home Depot corporate environment.
Payment card information is sold by cyber-criminals frequently. In more recent retail breaches, they have been able to steal payment card information from millions of customers and sell it online in what is known as the “Darknet.” Once the cyber-criminal has stolen the payment card information, there is a process that takes place in order to put the information on sale on the Darknet and for the cyber-criminals to make money. The first step in the process is selling the payment card information to brokers. The brokers buy the payment card information in bulk and sell the information to “carders” on carder websites. The definition from “How ‘carders’ trade your stolen personal info” says, “Carders are the people who buy, sell, and trade online the credit card data stolen from phishing sites or from large data breaches at retail stores”. An example of a carder website is Rescator shown in Figure 1 below (Lawrence, 2014). As you can see, the site has full search capabilities based on the type of card you are searching
Continue Reading
View Writing Issues

You May Also Find These Documents Helpful

  • Good Essays

    Home Depot - Executive Summary
    • 797 Words
    • 3 Pages

    Home Depot - Executive Summary

    Executive Summary -The Home Depot The Home Depot (Ticker: HD) is the world’s largest home-improvement retailer along with being an American Fortune 50 company. The company operates 2,259 retail building supply/home improvement “warehouse” type stores all across the United States, Canada and Mexico. The Home Depot has over 340,000 team members and is based in Atlanta, Georgia. The average store size is just over 100,000 square feet along with an additional 24,000 square feet set aside for seasonal gardening.…

    • 797 Words
    • 3 Pages
    Good Essays
    Read More
  • Better Essays

    Target Data Breach
    • 1162 Words
    • 5 Pages

    Target Data Breach

    Target Data Breach Charles Moore American Military University Abstract Target a large retail corporation that operates over 1,700 stores across the United States. They also operate as an online retailer at target.com. In 2012 the retailer earned more than $73 billion dollars in revenue and grew their sales by 5.1% from the previous year. Looking at the revenue and sales growth rate it is hard to fathom that more money could not be spent to ensure that consumer data is protected as much as possible. As information security specialists one of the worst things that can happen is our network gets infiltrated and customer information is stolen. On December 19, 2013 Target released a statement stating that they have had an information security breach and suggested that as much as 70 million credit card information had been stolen.…

    • 1162 Words
    • 5 Pages
    Better Essays
    Read More
  • Good Essays

    Target Security Breach Analysis
    • 439 Words
    • 2 Pages

    Target Security Breach Analysis

    Pointing to “backward U.S. technology,” Ziobro and Sidel reveal a long-standing issue between the financial industry and retailers that has slowed progression on chip cards. Because these cards are widely used in Europe and Canada, the U.S. has become the preferred target for criminal hackers, according to the authors. As a result, “the breaches keep coming,” and a computer-based attack experienced by Neiman Marcus over the holidays as well is used as further evidence of the widespread problem at hand.…

    • 439 Words
    • 2 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    Case Analysis: Home Depot
    • 153 Words
    • 1 Page

    Case Analysis: Home Depot

    Home Depot and its subsidiaries provides excellent customer service for home improvements, lawn products, and building material. The company stocks about $30,000 to $40,000 different types of home improvement supplies and other merchandise. The Consolidated Financial Statement reports the assets, liabilities, expense, and the amount of revenues for the company. In fiscal year 2013, The Home Depot recent quantitative assessment were completed. In tax year 2014, Home Depot completed its’ annual assessment in order to recover the reporting units from the different countries.…

    • 153 Words
    • 1 Page
    Satisfactory Essays
    Read More
  • Satisfactory Essays

    The Massive Data Breach At Target Started On November 27
    • 256 Words
    • 1 Page

    The Massive Data Breach At Target Started On November 27

    The data breach resulted from Target’s failure to segregate systems handling payment card data from the rest of its network (Bertrand, 2014). The attackers gained access to the company’s network with a username and password stolen from Fazio Mechanical Services who provided refrigeration and HVAC systems for them. With just that information alone, the attackers were able to upload malware programs on Target’s Point of Sale (POS) systems.…

    • 256 Words
    • 1 Page
    Satisfactory Essays
    Read More
  • Good Essays

    Credit Card Fraud
    • 729 Words
    • 3 Pages

    Credit Card Fraud

    The raised letters and numbers on the plastic cards are now rarely used or even read. This then gave rise to “skimming” devices that could be used by some unscrupulous persons to electronically scan and save the information from many customers' cards. Techniques such as "skimming," in which criminals capture card information and personal-identification numbers, have existed for years, often on a small scale. A growing security concern with Skimming devices is the possible release of the user’s personal information or location to unauthorized parties. So, what is now needed is a way to increase the security of payment card use at merchant locations.…

    • 729 Words
    • 3 Pages
    Good Essays
    Read More
  • Good Essays

    Who's Minding the Store: Analysis
    • 666 Words
    • 3 Pages

    Who's Minding the Store: Analysis

    Who is Minding the Store?: Analysis: As seen in the video, criminals stealing hard drives from commercial establishments is becoming more common and holds the opportunity for criminals to steal hundreds of individuals’ credit and debit card information. This growing trend puts the consumer at risk for extra charges on their credit and debit cards as well as identify theft. What is even more surprising is that consumers are unaware of the true risks that are involved in using their card at terminals in stores. Moreover, even though businesses are to swipe the hard drives clean each day, many are failing to complete this proper procedure to prevent consumer’s stolen information. To add, where the consumer’s information was compromised is not made available to the consumer.…

    • 666 Words
    • 3 Pages
    Good Essays
    Read More
  • Good Essays

    Choicepoint Data Breach
    • 865 Words
    • 4 Pages

    Choicepoint Data Breach

    The ChoicePoint data breach led to over 145,000 records of personal information being stolen (Polstra, 2005). This was not by any type of hack into ChoicePoint’s systems but by an individual or a group of people who used previously stolen information to create fake businesses that would have a need to preform background checks on people. They used the fake businesses to apply for accounts with ChoicePoint. When ChoicePoint reviewed the application for membership they ran a check on the businesses and did not find any criminal activity on the owners of these fake companies since they were from stolen information and not the criminals themselves. Since no…

    • 865 Words
    • 4 Pages
    Good Essays
    Read More
  • Satisfactory Essays

    annotated biography
    • 551 Words
    • 2 Pages

    annotated biography

    University of Phoenix Library Jenni Bergal, B. W. (2001, Aug 07). IDENTIY CRISIS > TODAY 'S SAVVY CRIMINALS STEAL DATA TO OPEN AND MAX OUT CREDIT CARDS. South Florida Sun - Sentinel Retrieved from http://search.proquest.com/docview/388009277?accountid=458…

    • 551 Words
    • 2 Pages
    Satisfactory Essays
    Read More
  • Better Essays

    Randy Vanderhoof Summary
    • 1496 Words
    • 6 Pages

    Randy Vanderhoof Summary

    One important thing EMV brings to the table is a way to devalue personal information on the black market. Vanderhoof is able to play on the reader's emotions by mentioning past events, such as the Target data breach as discussed earlier. Another important aspect of EMV is the proof that it has worked in other nations, such as Latin American and Europe. This encourages one and makes them feel that they must transition to EMV. EMV will prevent criminals from cloning cards. One may ask what is the purpose of this EMV technology? The answer appears quite simple based on the assertions of Vanderhoof. Concern about protecting data must be aligned with the threats of modern times. When the magnetic stripe was originally introduced, computers were not available to everyone, and the majority of people did not know how to hack computers. Now, we need EMV because everyone has a computer and many people know how to effectively hack and clone credit cards. Therefore, these measures are important because they will help save companies millions of dollars while protecting citizens from identity fraud in the…

    • 1496 Words
    • 6 Pages
    Better Essays
    Read More
  • Good Essays

    Tjx It Security Breach
    • 1174 Words
    • 5 Pages

    Tjx It Security Breach

    Part I: Description In January of 2007 the parent company of TJMaxx and Marshalls known as TJX reported an IT security breach. The intrusion involved the portion of its network that handles credit card, debit card, check, and merchandise return functions. Facts slowly began to emerge that roughly 94 million customers’ credit card numbers were stolen from TJMaxx and Marshalls throughout 2006. It was believed that hackers sat in the parking lots and infiltrated TJX using their wireless network.…

    • 1174 Words
    • 5 Pages
    Good Essays
    Read More
  • Better Essays

    TJX the largest-ever consumer data breach
    • 1054 Words
    • 4 Pages

    TJX the largest-ever consumer data breach

    TJX- SECURITY BREACH MGSC 6201-02 INDUSTRY/COMPANY CONTEXT: TJX Companies, based in Framingham, MA, was a major participant in the discount fashion and retail industry. The TJX brand had presence in the United States as well as in Canada and Europe. In mid-2005, investigators were made aware of serious security breaches experienced in TJX’s credit card system. These breaches were first found at a Marshall’s located in St Paul, MN in which the hackers implemented a “war driving” tactic to steal customer credit card information. This incident resulted in over 46 million debt and credit card numbers being compromised and is considered to be the largest security breach in US history. The security breach at TJX resulted in major members of the credit card association to establish the Payment Credit Industry Data Security Standard (PCI DSS) in order to better regulate security needs for merchants’ company credit card systems.…

    • 1054 Words
    • 4 Pages
    Better Essays
    Read More
  • Good Essays

    Cash Versus Credit Cards
    • 1137 Words
    • 5 Pages

    Cash Versus Credit Cards

    References: Scott III, R. H. (1999). Credit card use and abuse: a Veblenian analysis.. Retrieved from http://www.highbeam.com/doc/1G1-164721227.html…

    • 1137 Words
    • 5 Pages
    Good Essays
    Read More
  • Better Essays

    Assignment 1 Assess Organizational Readiness no name
    • 2381 Words
    • 9 Pages

    Assignment 1 Assess Organizational Readiness no name

    Background: Flayton Electronics, a second generation family business, has just been notified that there may have been a data breech associated with credit cards used at their stores. The initial reports indicates at least 1500 accounts may have been compromised although this number appears to be growing quickly as more banks and clearing houses are notified of the possible breech. Flayton is a small, regional electronics business with 32 stores in six (6) states. The case study is happening within 24 hours of first notification of the possible breech.…

    • 2381 Words
    • 9 Pages
    Better Essays
    Read More
  • Better Essays

    American Loan Sharks
    • 2297 Words
    • 10 Pages

    American Loan Sharks

    to protect the consumer, credit card companies launched and were essentially given a license to steal,…

    • 2297 Words
    • 10 Pages
    Better Essays
    Read More