
HOME DEPOT is a big box retailer in the USA. It suffered from a security breach that affected 56 millions payment cards.
The malware used in the attack is most likely to have been used in others attack. Briankrebs who reported the attack suggests that the BlackPOS malware which was used againt TARGET was also used in this case. The hackers started by compromising a third-party supplier workstation and manage to install the malware in the point-of-sale terminal. At this point the collection of credit card entry data was automated and sent to an offsite collection system.The malware was present between April and September 2014, though the incident was first reported in September 02, 2014.
By now, the malware elimination and enhanced encryption of Payment data in all US stores have been completed.
Lesson learned: In this recent POS attack, Payment Card Industry (PCI) regime could improve this. Home Depot should look to UPSStore example to learn how to report a breach. Online merchants need to resist fraudulent use of credit cards : Verified by VISA, MASTERCARD SecureCode, Paypal, Apple Pay. Finally, Home Depot Customers must demand new account numbers. Why on this earth aren’t you using white listing on PCs attached to payment devices?.