By Alexa C. DellCioppia,
Money and Investing Writer
People nationwide frequently shop at Home Depot (NYSE: HD). The home improvement superstore has become a leader in its industry and is a favorite for do-it-yourselfers and contractors alike.
That is why when this past week a large credit card breach supposedly linked to the store was discovered, many found themselves scared for their credit security.
This is especially scary for people who do not understand how this credit card information gets into the hands of thieves and how it gets handled from there.
Simply put, this credit card data is placed on a carding site, where those interested in buying this information can purchase it. The information stolen in this particular breach is selling for up to $50.
This could mean a big payout for the hackers that stole this information. Home Depot is approximately 2,200 stores strong, significantly larger than other retailers who have been victims of similar breaches.
The infamous Target (NYSE: TGT) breach late last year affected some 1,800 target stores.
Keeping with this comparison, the Target breach was discovered approximately three weeks after the data was stolen. It is estimated that the Home Depot breach began as early as April, meaning this information has been on the market for a supposed four months.
The discoverer of the breach is Brian Krebs, a blogger on cyber security. According to a report, he claims that “there was a 99.4 percent overlap between ZIP codes listen in a collection of stolen account numbers on an Eastern European carding site, called Rescator, and Home Depot’s store locations.”
To make matters even worse, according to a New York Times article on the subject, over “the last few years, carding sites have been selling the city, state, and ZIP code of the store from which each card was stolen in addition to the account number and expiration date.”
The article continues to state that Ron Sadowski, an executive at RSA, has confirmed this information is included in the hacker’s sales.
But why would thieves be interested in this additional information?
Simply put, this makes the card information a lot easier to use again to purchase items of the thief’s choosing.
A thief looking to use credit card information to make a purchase in New York, may be questioned when the credit card information received is registered to someone living in Nevada.
To prevent any breach from happening again in the future, there is hope that chip cards will make their grand entrance into the market.
When a chip card is used, all that is transferred with each card swipe is a code. This code is specific to this transaction and has no relation to the user’s actual card number.
In comparison, when a regular credit card is used, the system where the credit card was swiped receives the customer’s entire card number, exactly what the hackers are looking for.
For now, Home Depot is promising to get to the bottom of the issue and ensures its customers that they will be protected. Home Depot spokeswoman, Paul Drake, states, “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers.”
Surprisingly, after word of the breach hit the media, Home Depot stock fell only about 2 percent.
A version of this article appeared in the Tuesday, Sept. 9 print edition.
Contact Alexa at