Home Depot shares drop over fears of data breach
WASHINGTON / NEW YORK Home Depot Inc., the largest home-improvement chain in the United States, fell the most in almost five months after saying it was working with banks and law enforcement to investigate a possible data breach.
“We’re looking into some unusual activity,” Paula Drake, a spokeswoman for the Atlanta-based company, said in an emailed statement. “We are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately.”
Brian Krebs, the independent journalist who uncovered a hacker attack at Target Corp. last year, reported that a “massive” batch of stolen credit- and debit-card information went on sale Tuesday. There’s evidence the cards are linked to Home Depot stores, Krebs said on his website.
The suspected breach may have occurred in late April or early May and could encompass all 2,200 of the company’s stores in the U.S., Krebs said. That means it could be larger than the Target incident, he said. A spokesperson for Home Depot Canada told Global News in Toronto that the chain’s 180 stores in Canada were included in the assessment of a possible breach.
Home Depot shares dropped two per cent to US$91.15, the largest decline since April 7. The stock has climbed 11 per cent this year.
“The criminals are getting smarter faster than the companies,” said Jaime Katz, an analyst for Morningstar Inc. “If it is something on the scale of Target, there is obvi- ously significant concern.”
Hackers probably installed malicious software on Home Depot’s point-of-sale cash registers capable of stealing bank account information, names, card expiration dates and other data, said Trey Ford, global security strategist for Boston-based software security company Rapid7 LLC. The incident is probably another example of hackers relying on so-called Backoff malware, which the Secret Service estimates has been used to target more than 1,000 businesses over the past year.
“This is effectively a keystroke logger,” said Ford, who doesn’t have direct knowledge of the Home Depot attack. “It’s capturing all that stuff that comes in.”
Target has shown how devastating a data breach can be to a retailer. Hackers struck the company last year during the height of the holiday shopping season, tarnishing its reputation and hampering sales. Target’s slow reaction to the incident also drew criticism from lawmakers, and the company ousted its chief executive officer in May.