Report: Home Depot Victim Of Same Malware Used In Target Hack

While Home Depot continues to drag its feet on confirming reports that its in-store payment systems were recently hacked, it looks like the retailer might have fallen victim to the same malicious software used to steal credit/debit card and personal information for more than 100 million Target customers in 2013.

We turn once again to cybersecurity expert Brian Krebs — responsible for both breaking the story of the Home Depot hack and for a subsequent report indicating that the breach may have hit nearly all 2,200 Depots in the U.S. — who now cites a “source close to the investigation” as saying that inspection of store cash registers has turned up evidence that some were infected with a new variant of the “BlackPOS” malware strain that collects information from customers’ cards as they are swiped.

It was a variant of BlackPOS that helped the Target hackers amass huge amounts of stolen information from customers during the 2013 holiday shopping season.

Krebs says that the use of the same type of malware, along with the fact that the recently stolen card numbers went up for sale last week on the same black market used to sell the hacked Target data indicates there might be a connection between the people responsible for the two hacks.

Nine additional batches of credit card numbers have been put up for sale on the same black market site in recent days, all under the same “American Sanctions” label used for the initial batches discovered a week ago.

As of late Sunday night, Home Depot had not publicly confirmed that a hack had occurred, though it has repeatedly stated that it is investigating the matter and working with law enforcement.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.