The Home Depot Data Breach Case

1723 Words7 Pages

Home Depot Data Breach

In the Home Depot data breach case, the hackers stole the login in credentials from a vendor who had access to the Home Depot network. The hacker used this access to install custom built malware that would focus specifically on the self-checkout terminals at the local stores. This custom malware was designed to be able to bypass any antivirus software, which is why the malware went undetected for months. ("Home Depot, Target: Same Breach Script? - BankInfoSecurity," n.d.) Once detected, it was too late, the installed malware allowed the hackers to steal information on over 56 million credit and debit cards. The stolen information included names, credit card numbers and expiration dates. Additionally, over 53 million …show more content…

It began by hackers stealing the user name and password of a current Chase Bank employee. Chase Bank had previously updated their security to use a two-factor authentication, which requires a second password when accessing secure data. However, one of the network servers was inadvertently not updated which allowed for the hackers to gain access. This oversight of one server, left a room for the hackers gain access to over 90 of its servers containing proprietary information. ("Neglected Server Provided Entry for JPMorgan Hackers - The New York Times," n.d.) The hackers used this access to install customized malware, used to extract data. Over 76 million customers and over 7 million businesses were affected. The data that was compromised included, names, addresses and phone numbers as well as additional information about the users that chase uses internally. ("Form 8-K," n.d.) Although there has been no evidence of lost funds, the possibilities of this attack we unsurmountable. The hackers were able to gain access to a significant amount of bank servers. The access they gained gave them permissions to open and close account and to transfer funds between accounts. If the hackers would have chosen to use their access to steal funds, the damage could have been …show more content…

They have chosen to build a security team made up of ex-military cybersecurity experts. ("JPMorgan hit by biggest bank breach in history - Business Insider," Since the hackers were able to gain privileged access, they had access to the bank’s programs and applications that it used. For Chase, this means that they had change everything that it used, because the hacker now knew the vulnerabilities of the applications that Chase was using. While changing out systems could potentially leave them susceptible to an additional attack, it had to be done, to help prevent any future attacks. Chase also sent out new debit cards to anyone that may have been a victim of stolen data. This attack was very concerning to me, since Chase is such a large institution. I do not feel that they were very forthcoming about the events that took place. At the same time, they are a bank, and security is the issue, so I am not certain that anyone really needs to know the details. As they stated in their SEC statement, they would not hold customers liable for transactions related to this breach. As a consumer, I would like to know what the plan is for preventing it from occurring again. The fact that they hired ex-military cybersecurity experts and they meet every few weeks, does not appease me. The Office of Personnel Management database, which houses all military personal identifiable information, was secured and monitored by military