Another day, another potentially huge data breach. Krebs on Security first reported that Home Depot may, in fact, be the source of a massive influx of debit and credit cards just placed on sale on the black market. There's no word on how many customers' information may be affected but early indicators are that all of the nation's 2,200 Home Depot stores across the nation have been affected.
Confirmation from Home Depot
A Home Depot spokeswoman, Paula Drake, confirmed an on-going investigation.
"We are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," Drake said. "Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible."
According to reports federal officials are saying there are similarities to other breaches that have impacted P.F. Chang's, Target and others in that it appears to be the same group of Russians and Ukrainians who have conducted the attacks. The cards were placed for sale on a web site that called the actions, "American Sanctions," perhaps in retaliation for European Union and United States efforts to sanction Russia for its incursion in to the neighboring Ukraine, according to a post in the USA Today. Trey Ford is with a Boston-based security outfit and said the similarities between breaches points to the same group as before.
"This latest batch of cards is for sale from the same underground store that sold cards from P.F. Chang's and Target," Ford explained. Krebs added that this breach could be much larger than the one that snagged Target and Chang's because it began back in April or May and, as such, has gone undetected much longer.
How can incursions be stopped?
Hack attacks are far more difficult to stop than actual data center security breaches. To protect the data center, a company can use biometric technology to lock down physical access to the center. This prevents all but permitted personnel any type of access to the center and its data. A recent Ponemon Institute survey showed that most data breaches at a center are done, maliciously or inadvertently, by employees. Savvy security managers, though, by use of fingerprint scanners, are able to use a singularly unique identifier – the prints – to prevent unauthorized access.
Creating a template with an employee's fingerprints is a non-duplicable means of identifying who's allowed in the center or not and it prevents piggy-backing or double access at the same time. Biometric access control is an effective, cost-conscious, almost foolproof way of protecting the data center and its vital and proprietary data from idle or worse hands. This will also safeguard the information that keeps a company up-and-running and will protect against what could prove to be astronomical losses were a physical breach to take place.
While the Home Depot investigation proceeds past its first stages company executives and security team management would be well-suited to explore and ultimately deploy the most cutting-edge security available today, biometric technology, for the data center.
Create indisuputable audit trails with proper physical access control. Download our whitepaper here for more information.