Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Was the Home Depot Security Breach Politically Motivated?

By , Julio Urquidi - Source: Toms IT Pro

UPDATED 9:50 a.m. PT Tuesday (Sept 9) with more information from Home Depot and Brian Krebs.

It hasn't even been a year and we may be looking at a security breach that surpasses the Target fiasco of last fall. Security analyst Brian Krebs was recently contacted by several banks about a large number of stolen credit cards. Although the size of the attack has not been confirmed, Krebs speculates that Home Depot's security breach "could be many times larger" than Target's. Read: Credit Card Breach at Home Depot via Brian Krebs.

Home Depot is currently investigating the security breach and has released a statement; however, the company has not yet confirmed the leaked cards were stolen from Home Depot.

"I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," said Home Depot spokesperson Paula Drake in a prepared statement. "If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further -- but we will provide further information as soon as possible."

The banks in contact with Krebs found and bought many customer cards from the online black market in the rescator[dot]cc store. There seems to have been rapid response from the banks, as the two groups of stolen cards were purchased the same day they were moved to the store, on September 2nd.

There is a possibility this attack has been occurring since late April or early May of this year. With this in mind, some bank sources believe this attack may exceed that of the Target breach of last fall. Additionally, ZIP code information gathered and analyzed by Krebs, shows the attack may have covered all 2,200 U.S. Home Depot locations, sparing the 287 locations in Canada, Guam Puerto Rico and Mexico. Read: Target Stores Hit with Massive Data Breach

This breach may be more than a financial venture. "In what can only be interpreted as intended retribution for U.S. and European sanctions against Russia for its aggressive actions in Ukraine, this crime shop has named its newest batch of cards 'American Sanctions.'" A second batch of cards from Europeans banks, but used in US stores, was titled “European Sanctions," according to Krebs.

This security breach may, in fact, be the same group that attacked Target, P.F. Chang's and Sally Beauty. The hacker group that carried out those attacks contains members from both Ukraine and Russia.

There's still no word on how the Home Depot credit card information was stolen, but we can recall that in Target's case there was an estimated 110 million possible customers affected by the "BlackPOS" malware attack on the store's point-of-sales system in late 2013. According to one report, the breach triggered alarms, but Target did not act upon the alerts that could have prevented the data theft, eventually leading to the resignation of Target's Chief Information Officer and Chief Executive Officer the year after.


In an updated statement, Home Depot confirmed that their systems were compromised and that the security breach "could potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward." According to blogger Brian Krebs, the DIY retail chain was hit by a variant of the BlackPOS malware that was used on Target.