Home Depot announced earlier in the month that its payment system has been compromised, putting payment cards used in its U.S. and Canada branches starting in April of this year at risk. Reports are now coming in that data stolen because of the breach is now being used in fraudulent transactions all over the country.
According to people familiar with the Home Depot breach, the fraudulent transactions range in type but include the purchase of electronics, prepaid cards, and groceries, and draining bank accounts clean. In certain instances, transactions are even tracked to groups of cardholder accounts connected to specific ZIP codes.
Alongside acknowledging the breach, Home Depot said it was offering account monitoring services to affected customers, but it looks like the retailer's efforts are a little bit too late.
Financial institutions are pitching in as well, strengthening efforts at blocking transactions by rejecting anything that appears unusual. This is nothing new to them, but the extent (subscription required) of the attack is the largest so far that they've had to deal with.
Last year, Target was also the victim of a security breach leading up to the holiday season in which 40 million cards were believed to be compromised. At 56 million cards affected, the Home Depot breach is the largest so far in the string of cyberattacks on retailers.
According to consulting firm Javelin Strategy & Research, losses due to fraud on existing credit card and bank accounts is at $16 billion, a spike of 45 percent from last year's figures. Customers are not responsible for charges incurred from unauthorized transactions but still have to provide the necessary paperwork denying the fraudulent charges.
From Colorado Springs in Colorado alone, Air Academy Federal Credit Union has detected around $20,000 worth of attempted transactions originating from cards compromised in the Home Depot breach. With the rise in cases, the credit union has added people to its fraud department, beefing up the presence especially on weekends when criminals are like to make purchases using counterfeit cards.
Still, it's too early to say just how many fraudulent cases will be traced back to the attack on Home Depot. The retailer is the most recent victim but it's not the only one. It's possible that a certain portion of the reported incidents are for credit cards compromised in another breach.
Aside from requesting replacement cards from their banks, affected individuals are urged to be wary of emails or phone calls asking for personal information like their mother's maiden name, Social Security number, and date of birth. These are post-breach phishing attempts that hackers employ when they don't get all of the information they need from a hacking attack.
