Home Depot Data Breach: 56M Payment Cards May Be Affected

Home Depot announced a data breach earlier this month but provided few details. On Thursday, the company announced the breach may have affected as many as 56 million payment cards.

The breach is being blamed on malware that was present in the store's registers from April to September, though the malicious software was confirmed as eliminated on Thursday, reports Business Insider. During these five vulnerable months, tens of millions of unique payment card credentials were at risk, and the customers holding those cards may want answers.

What can your business learn from this Home Depot breach?

Home Depot Needs Fixing

Since it began its investigation on September 2, Home Depot has since learned much more about the data breach that has potentially affected millions of customers. In a press release Thursday, the home improvement retail chain confirmed that:

• A custom-built, previously unseen malware was used to infiltrate Home Depot's payment systems;
• Some 56 million cards were potentially put at risk; and
• The malware was present from April to September 2014.

The "custom-built" portion may seem irrelevant, but there was some speculation that the malware used for the Target data breach was the same one present in Home Depot. If that were the case, Home Depot's cybersecurity team may have been negligent in shoring up its digital defenses against a known malware threat.

Although it may be a little too late, Home Depot also announced that it began a new payment data encryption project in January, one which was officially rolled out on September 13. Home Depot promises this new security protection takes payment card info and "scrambles it to make it unreadable and virtually useless to hackers." The company also plans to make use of "Chip and Pin" technology by the end of the year.

Nuts and Bolts of Breach

So what should your company take away from this Home Depot breach? Here are three reminders:

1. Take malware threats very seriously, as they could cripple your small business financially;
2. Respond quickly to news of a data breach and remedy the problem ASAP (Home Depot took about two weeks); and
3. Invest seriously in cybersecurity, not only as a response to threat of litigation but as a general business practice.

It's also possible that this breach was less serious than Home Depot is reporting, but when faced with cybersecurity threats, your business needs a robust response.

Follow FindLaw for Consumers on Google+.

Related Resources:

• Home Depot's Malware Hints That Its Hackers Weren't Target's (Bloomberg Businessweek)
• 3 Simple Ways Businesses Can Thwart Hackers (FindLaw's Free Enterprise)
• 'Heartbleed' Flaw: What Businesses Need to Know (FindLaw's Free Enterprise)
• Customer ID Theft: Are Businesses Liable? (FindLaw's Free Enterprise)