Did Home Depot Ignore Hack Warnings From Employees?
According to a report in the NY Times, computer experts at the Depot told the retailer of the risk as far back as 2008, but the company failed to respond in a timely manner, resulting in the theft of at least 56 million card numbers.
The former Depot employees say the company used malware detection software from 2007 and failed to continuously monitor all the company’s systems for signs of odd activity. They claim that vulnerability scans were done irregularly and often on only a small number of the 2,200 Home Depot stores in the U.S.
Some say they quit their jobs when managers ignored their concerns, with a common dismissive response from management being, “We sell hammers.” One former employee for the company says they told their friends to use cash when paying at the Depot.
Home Depot counters the employees’ claims by pointing out that the strain of malware used to infiltrate the in-store payment system had not been seen before (though other reports claim it was a variant on the strain used to attack Target stores in 2013). The company also says that it has been compliant with retail industry standards for network scanning since 2009.
“Our guiding principle is to do what’s right by our customers,” a rep for the company said, while putting on an orange apron and directing you to free credit monitoring.
Speaking of which, over the weekend, Home Depot wrote those customers for whom it had e-mail addresses, restating many of the same things it’s already said to the media — that the malware has been contained, that debit card PINs don’t appear to have been stolen, and that anyone who used a card at Home Depot from April 2014 on is now eligible for a free 12 months of identity protection services from the store.
Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.