Research the attached case study on The Home Depot data breach. Generate a two-page overview using the
Question:
Research the attached case study on The Home Depot data breach. Generate a two-page overview using the following. What was the issue? How did it happen? Whom did the breach affect? What was the result/ your observations?
On September 8th, 2014, Home Depot released a statement indicating that its payment card systems were breached. They explained that the investigation started on September 2nd and they were still trying to discover the actual scope and impact of the breach. Home Depot explained that they would be offering free credit services to affected customers who used their payment card as early as April of 2014 and apologized for the data breach. They also indicated that their Incident Response Team was following its Incident Response plan to contain and eradicate the damage and was working with security firms for the investigation ("The Home Depot, Inc. - News Release," 2014). This is one of many retail breaches that have occurred and will continue to occur, until retailers become proactive in safeguarding their environments.
Home Depot was one of the many victims to a retail data breach in 2014. The unfortunate thing is the way the attacker’s infiltrated the POS networks and how the attackers were able to steal the payment card data, were the same methods used in the Target data breach. The attackers were able to gain access to one of Home Depot’s vendor environments by using a third-party vendor’s logon credentials. Then they exploited a zero-day vulnerability in Windows, which allowed them to pivot from the vendor-specific environment to the Home Depot corporate environment.
Once they were in the Home Depot network, they were able install memory scraping malware on over 7,500 self-checkout POS terminals (Smith, 2014). This malware was able to grab 56 million credit and debit cards. The malware was also able to capture 53 million email addresses (Winter, 2014). The stolen payment cards were used to put up for sale and bought by carders. The stolen email addresses were helpful in putting together large phishing campaigns.
Research Methods For Business Students
ISBN: 9781292208787
8th Edition
Authors: Mark Saunders, Philip Lewis, Adrian Thornhill