Brian Krebs reports:
Nearly a week after this blog first reported signs that Home Depot was battling a major security incident, the company has acknowledged that it suffered a credit and debit card breach involving its U.S. and Canadian stores dating back to April 2014. Home Depot was quick to assure customers and banks that no debit card PIN data was compromised in the break-in. Nevertheless, multiple financial institutions contacted by this publication are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts.
The card data for sale in the underground that was stolen from Home Depot shoppers allows thieves to create counterfeit copies of debit and credit cards that can be used to purchase merchandise in big box stores. But if the crooks who buy stolen debit cards also are able to change the PIN on those accounts, the fabricated debit cards can then be used to withdraw cash from ATMs.
Read more on KrebsonSecurity.com.
Attempting to monetize the breach, Experian took to press releases yesterday to announce that they were offering ProtectMyID services for the bargain basement price of less than 1 dollar per month. Do not misconstrue my inclusion of that news as any kind of recommendation or endorsement, as it’s not.