The popular home improvement store Home Depot is the latest victim of the BlackPOS virus, which is a malware virus that siphons user data during payment transactions. Everyone who has shopped at the Home Depot using a debit, credit or Home Depot card since May could be at risk of identity theft. Some Home Depot stores may have been affected as early as April.
KrebsOnSecurity reports this is the same malware that was used in the recent Target attack, where over 40 million shoppers had their identity jeopardized. Stores like Neiman Marcus, P.F. Changs and Michaels have also been victims. The BlackPOS malware is designed for Microsoft Windows operating systems that are used for accepting card transactions. The credit card numbers and personal information from the cards are sent to a database after they are swiped at the cash register, and the hackers then record the data.
An underground cyber-crime community called Rescator was caught selling some of Home Depot's customers' card information to hackers. This is the same site that was selling the information from victims of the Target incident. They release the data to buyers in batches, profiting from the information and allowing others to use it for fraud.
This newly created virus has slipped past many anti-virus programs that are in use, but TrendMicro thinks it has finally started to detect this strain of malware. The websites where this stolen information is being sold are also filled with anti-American propoganda, so it is possible this is a direct attack on American citizens.
As many retailers see the need for increased security, it's almost impossible to completely shield yourself from these types of cyber crimes. Many large American credit card companies and retailers are agreeing to adopt the chip-in-pin method, where cards have a microchip in them to protect against identity theft, and these cards are already being used in other areas around the globe. American retailers are an easy target because they aren't currently using this method.
Anyone who fears they may be affected by this security breach to Home Depot will want to have a hold put on their credit, preventing anyone from taking out a loan or new credit card with stolen information. All credit and debit cards should also be cancelled, so the numbers that hackers have are no longer useful. Using a credit monitoring system is also recommended to help you watch for suspicious activity with your identity.
Home Depot has announced that this incident and the protection of their customers' identity are at the top of their concern, and they are doing everything that they can to get to the bottom of it. If you could be a victim, start working to protect your identity.
Photo courtesy of sixninepixels at FreeDigitalPhotos.net