Home Depot recently confirmed that it has been the victim of the largest credit card breach in history, with 56 million payment cards having been stolen by clever hackers, who managed to access the giant retailer’s systems for more than four months. A report from The New York Times further reveals that while the recent hack was possible thanks to advanced malware programs that went undetected by existing security measures, Home Depot apparently has a history of ignoring the security of its customers’ payment data.
Former employees have revealed the company has been ignoring proper security procedures for years, dismissing security concerns that may have arisen. The company apparently relied on older software to protect its terminals and did not perform thorough security scans in previous years, in spite of what security team members advised. One former Home Depot security member left the company following disagreements with management, and told friends to use cash when purchasing goods from Home Depot stores.
Home Depot in 2012 even hired a security engineer to oversee security at its 2,200 stores, but he was later found to have disabled computers of a former employer for more than a month. He is now serving a four years sentence in federal prison.
Former employees further said that they did ask for new software in previous years, as well as better training, but company management always responded that Home Depot sells hammers.
The Times reveals that following the massive Target hack from late 2013, Home Depot contacted security companies to beef up its own security, but the retailer only started introducing enhanced encryption tools for credit card data systems in some of its stores in April. By that time, the hackers were already in, and they operated undiscovered until September 2, when banks and law enforcement told Home Depot the company was hacked. One estimate from an unmentioned source says that the 56 million stolen credit cards could generate $3 billion in illegal purchases.