Atlanta, GAThe data breach that affected retail giant Home Depot, and revealed in recent days, is not only the latest example of a hacker accessing customers personal information amidst data storage systems that are generally assumed as secure, it could be the largest yet.
The breach could eclipse that of Target, which affected about 40 million consumers. This latest breach, according to various reports, could be far worse - as many as 60 million consumers in both the US and Canada. It has been reported that Home Depot locations in Mexico were not affected, and consumers accessing Home Depot’s online system at HomeDepot.com are also thought to be safe. Personal ID numbers for debit cards were also not taken.
However, consumers personally shopping in any of home Depot’s 1,977 locations in the US and 180 stores in Canada have a lot to worry about, and industry analysts say this could be very serious on various fronts. An industry watcher with an Internet security consulting enterprise noted in comments published in the New York Times that it doesn’t help that the breach was not announced by Home Depot itself, but was instead revealed by a blogger who caught wind of it.
“Honestly, Home Depot is in trouble here,” said Eric W. Cowperthwaite, vice president of Core Security, an Internet-security consulting company, in comments published in the New York Times (9/8/14). Cowperthwaite noted that it was a security blogger, Brian Krebs, who broke the data breach ahead of Home Depot.
“This is not how you handle a significant security breach, nor will it provide any sort of confidence that Home Depot can solve the problem going forward,” Cowperthwaite said.
Home Depot finally confirmed the data breach, but not before various consumers lined up as plaintiffs in a class-action data breach lawsuit against Home Depot. The lawsuit was filed in Georgia, as noted below. The lawsuit asserts that Hope Depot dropped the ball, failing to protect consumers from fraud and failure to alert them of the data breach in a timely manner.
Retailers ill-prepared for hack attacks: study
Fodder for data breach lawsuits will also likely include the outcomes of studies that have concluded retailers in particular are not adequately prepared for hack attacks. The New York Times noted a study conducted by The Ponemon Institute and DB Networks - respectively an independent security research firm and a database security firm. The study found that most computer security experts in the US believed there was a distinct lack of tools and technology available to swiftly and adequately detect and root out hacker attacks to databases and other sensitive information.
“Any organization connected to the debit and credit card ecosystem faces constant and evolving threats,” said Sandy Kennedy, president of the Retail Industry Leaders Association, in comments published in the New York Times. “The public and private sector must continue to work together to improve debit and credit card security, identify threats and share information to best defend against cyber-attacks.”
Among the companies having fallen victim to hackers include UPS, Goodwill, P. F. Chang’s, Sally Beauty, Michael’s and Neiman Marcus - as well as higher-profile hacks like those involving Target and now, Home Depot. A company spokesperson, Paula Drake, said on behalf of Home Depot that the breach could have affected customers in the US and Canada from this past April to just after Labor Day, a period of about five months.
No one knew it was going on.
Since the data breach was revealed, Attorneys general from three states - Connecticut, California and Illinois, are heading up a joint investigation into the hack.
Meanwhile, a proposed class-action data breach lawsuit has already been filed by plaintiffs John Solak and Dennis O’Rourke. According to court documents, the two men used their credit and debit cards at Home Depot locations in New York and Pennsylvania, with both claiming their personal information and card data were compromised.
The data breach lawsuit is Solak et al v. The Home Depot, Inc., Case No. 1:2014-cv-02856, filed September 4, 2014 at The Eleventh Circuit, Georgia Northern District Court.
If you or a loved one have suffered losses in this case, please click the link below and your complaint will be sent to a financial lawyer who may evaluate your Data Breach claim at no cost or obligation.