FPCH Admin allheart55 Cindy E Posted September 5, 2014 FPCH Admin Posted September 5, 2014 Home Depot has yet to confirm that its United States stores were hit by massive theft of customer credit- and debit-cards, but evidence is increasing. Some security experts fear the rumored Home Depot data breach might be larger than Target's last year, which affected 40 million payment cards and 70 million personal accounts. Even if Home Depot isn't the source of the stolen cards, an enormous trove of American credit- and debit-card numbers have recently appeared on clandestine black market websites. Due to where and how the numbers are being sold, the thieves behind this card "dump" may be the same group responsible for the Target data breach. MORE: How to Survive a Data Breach As of this morning (Sept. 4) Home Depot has yet to officially confirm a compromise related to its payment systems. "We're looking into some unusual activity that might indicate a possible payment data breach," a post on Home Depot's corporate site reads. The stolen card data currently on sale on a black-market "carder" website called Rescator shows signs of originating at Home Depot stores, according to independent security reporter Brian Krebs, who broke the story on his blog earlier this week. The stolen accounts being sold on Rescator can be sorted by ZIP code, which makes each stolen card easier to use for fraud since banks often won't flag a local transaction. Krebs compared those ZIP codes with the ZIP codes of Home Depot's 2,200 U.S. locations -- and found a 99.4 percent match. The Rescator dump, of which Krebs only viewed a small slice, also indicates how large the breach might be. Bank sources Krebs spoke with told him the breach probably began in late April or early May of this year and continued until very recently -- about four months in total. By comparison, the Target breach affected just under 1,800 Target stores over a period of about three weeks, resulting in 40 million stolen debit and credit cards. "If a breach at Home Depot is confirmed, and if this analysis is correct, this breach could be much, much bigger than Target," Krebs wrote on his blog. The overall impact on consumers may be worse as well. Target's customers are mainly private individuals, but many of Home Depot's are small businesses and independent contractors whose business credit cards won't be as well insulated from fraud liability as private consumer cards. Rescator was also the primary selling point for card data stolen from Target, Krebs noted, and the site on which more recent dumps from Sally Beauty, PF Chang's and Harbor Freight have been sold. It's possible the same group, or linked groups, of carders may be behind each theft. What can you do? If you believe your credit- or debit-card data may have been stolen, you should keep a close eye on your financial accounts for any signs of fraudulent activity. (Home Depot said that if it determines a breach did occur, it will offer free identity-protection services, such as credit monitoring, to all affected customers.) You might also contact one of the three major credit-reporting agencies, Experian, Equifax and TransUnion. Ask them to put a credit alert, which is free and lasts 90 days, on your file. You can get one free credit report from each agency per year to check for any identity fraud. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
Rich-M Posted September 6, 2014 Posted September 6, 2014 This is all starting to get really old. Quote
N3 Posted September 6, 2014 Posted September 6, 2014 If possible purchase with cash & minimize identity theft. Quote
Rich-M Posted September 6, 2014 Posted September 6, 2014 Nah best way is CitiBank Virtual Credit Card...create transaction codes just for this one sale. I believe Discover also does this. Quote
FPCH Admin allheart55 Cindy E Posted September 6, 2014 Author FPCH Admin Posted September 6, 2014 Yes, Discover does do that and Chase Visa just started doing it as well. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
Rich-M Posted September 6, 2014 Posted September 6, 2014 Get out I have had Chase for years and didn't know that. Quote
FPCH Admin allheart55 Cindy E Posted September 7, 2014 Author FPCH Admin Posted September 7, 2014 They haven't been doing it for more than a couple of months. Discover has been for years. Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
Rich-M Posted September 8, 2014 Posted September 8, 2014 Can you show me where Discover does this. I have heard they do but never found a way to use it. Quote
FPCH Admin allheart55 Cindy E Posted September 8, 2014 Author FPCH Admin Posted September 8, 2014 I just logged into my Discover account online so that I could tell you how to use the virtual card and I see that they stopped using the virtual card system again. I haven't used it in so long that I didn't realize it. (Apparently they stopped it in Feb. 2014.) http://www.mybanktracker.com/news/2014/01/08/discover-discontinue-secure-online-account-numbers-again/ Quote ~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~ ~~Robert McCloskey~~
Recommended Posts