In a year of huge data breaches, The Home Depot security breach is proving to be the biggest yet. Upwards of 60 million users in both Canada and the United States could be affected. Yet Home Depot took too long to officially confirm the news once the story broke, and when they did, the damage was already done. Now they are facing a lawsuit that will become precedent-setting, because how do you put a price tag on trust?
Welcome to the pitfalls of retail responsibility in the age of data insecurity. No matter how businesses may try to spin them, data breaches mean trouble somewhere down the line, and given the money to be made they aren’t going away. Cybercrime is booming beyond anyone’s expectations. Hackers halfway around the globe are constantly upping the game in their quest for information to sell on the black market. That information happens to be a digital summation of our lives: where we live, what we’re worth, who we are. Those little plastic cards that run our lives can also ruin them in one stroke.
The technical details of how cybercriminals lift card numbers, usercodes, and passwords have been well documented over the past year. In fact, the US Department of Homeland Security issued a security advisory in late August warning businesses of the threat of Point of Sale (POS) malware, in particular one called “Backoff” that stole information from credit cards (http://t.co/WiOpgp6c6M). It all comes down to a little piece of equipment we use every day. POS card readers are where we shop, eat, buy gas, withdraw money. And the scary truth is how easily they are tampered with. Crime rings buy or extort their way into fixing the actual hardware to mine data. Cybercriminals have figured out a less obvious route, using remote access to command and control the devices so they transmit the data without detection. It’s enough to make anyone paranoid.
Instead of being scared into action, however, businesses seem to have pulled the ostrich hiding its head routine, hoping it would all go away. But it hasn’t gone away, and the lag time has only afforded the hackers more time to perfect their skills while we struggle to catch up. A full week passed before The Home Depot officially confirmed the real extent of the breach. The scope of those potentially caught in the net of hackers is still being determined, with 60 million users a conservative estimate.
So just how do you tell 60 million users that their credit card data and other valuable personal information has just been released to the global criminal black market? There is no good way to spin that much bad news, not following recent announcements that Target, UPS, Supervalu Grocery stores, several major US banks, and Dairy Queen had also been breached. Brian Krebs had revealed the hack attack on Target. On September 2, he broke the news on his website, KrebsOnSecurity, that “a massive batch of stolen credit and debit card information went on sale.” At the outset of the data breach, Home Depot shares dropped. Per an article in The Globe and Mail (trib.al/e8RZclg), shares in trading fell 3.4%. Now, they face a class-action lawsuit.
The reported costs of a data breach vary, but according to Alcott HR Group, it starts at $5 million for one incident, and another source claims that figure has now doubled. But the real loss is in what we cannot truly measure, and that is the very heart of retail business. How do you put a price tag on trust, consumer confidence and lost customers? Taking responsibility for your POS devices means taking the necessary actions to safeguard your customers. The rest of retail is about to learn an invaluable lesson at Home Depot’s considerable expense.