Home Depot has not confirmed what we knew all along, namely that they had been hit by a massive data breach that may involve as many as sixty million Home Depot customers going back to April 1, 2014. The hacking of Home Depot followed the same pattern that we first saw in the hacking of Target last year, which was the first in what is already a long line of data breaches including, but not limited to Neiman Marcus, P.F. Chang’s, Goodwill and U.P.S. As usual, due to the effectiveness of the malware used by what is probably the same Eastern European hackers, it was not Home Depot that first discovered the data breach, but rather banks monitoring credit card usage that were able to find a common denominator in fraudulent use of credit cards and trace it back to Home Depot. The hackers who accomplished the Home Depot data breach are now selling the stolen credit and debit card information on black market websites in large batches. Interestingly, along with the credit card numbers and debit card numbers, the hackers also are selling the state and zip code for the particular cards. This enables the hackers to defeat some fraud detection programs that pick up charges made from areas far from the home of the card holder. The identity thieves buying the card information can either buy card information for cards in their area and use them there or use them online.
Home Depot has announced that it is providing a year’s free credit monitoring through All Clear ID. The offer is being made to Home Depot customers who used their credit or debit cards at Home Depot between April 1, 2014 and September 9, 2014. If you wish to enroll, you can either go to Home Depot’s website http://www.HomeDepot.com or All Clear ID’s special website http://www.homedepot.allclearid.com. It is very important to note that many people will be receiving emails, texts and phone messages purporting to be from Home Depot providing links to supposedly help you apply for the credit monitoring. Many people will also be called on the phone and asked by purported representatives of Home Depot for personal information including credit card information in order to enroll in the credit monitoring program. These emails and text messages are scams designed to get you to download keystroke logging malware that will steal all of your information from your computer to make you a victim of identity theft while the calls are from scammers seeking to have you provide them the information they need to make you a victim of identity theft.
Don’t click on links in emails or text messages promising to help you enroll in the free credit monitoring program. You can’t be sure that the emails or text messages are legitimate. Don’t provide personal information including credit card information over the phone to anyone you have not called unless you are absolutely sure that they are legitimate. Instead go directly to the Home Depot website, http://www.homedepot.com or All Clear ID’s special website for Home Depot hacking victims, http://www.homedepot.allclearid.com where you can sign up for the credit monitoring service. The malware used by the Home Depot hackers is still being used against many other companies and we can expect more and more data breaches in the future. To protect yourself, do not use your debit card for purchases. Use a credit card for purchases and monitor your card usage regularly for indications of fraud.