#CyberFLASH: Leaks, breaches and cyberattacks: the biggest hacks of 2014

image

Loopholes were exploited and security barriers toppled as hackers reigned in 2014. Multinational corporations, celebrities, and government websites all fell victim to cyberattacks.

Let’s face it, nowadays it takes more than run-of-the-mill password protection to stay secure — especially when the most common password is “123456” — to keep private data safe.

Here are the cyberattacks of significance this year.

Heartbleed infects the CRA

With a name like Heartbleed, it is hard to picture anything but the all-too-common Hollywood trope of a “nerd” typing frantically at a Matrix-esque black and green screen.

Last April, the computer bug that exploits a flaw in widely-used encryption software was responsible for allowing a hacker to access taxpayer data from the Canada Revenue Agency.

Read more here

 

#CyberFLASH: Home Depot facing lawsuits in Canada, U.S. over data breach

Close up of wooden gavel at the computer keyboardHome Depot faces at least 44 lawsuits in the United States and Canada over a massive data breach earlier this year that affected 56 million debit and credit cards.

The nation’s biggest home improvement retailer said Tuesday in a regulatory filing that several state and federal agencies also are looking into the data breach and it may face more litigation from customers, banks, shareholders and others.

Home Depot said the litigation and the investigations may distract management and affect how it runs its business. It also could lead to additional costs and fines. But those expenses aren’t clear yet because the cases are in early stages, the company said in a quarterly filing with the Securities and Exchange Commission.

The company said earlier this month after announcing third-quarter earnings that it anticipates a fourth-quarter breach-related expense of about $27-million, but only about $6-million after insurance.

Home Depot has a $100-million insurance policy for breach-related expenses. That comes with a $7.5-million deductible.

Read more here

Home Depot hacked: 64,000 Canadian e-mails stolen

leaked_data_focus_455234Home Depot Inc., which suffered a data breach between April and September, said 53 million e-mail addresses were taken by hackers during the attack, in addition to the 56 million payment cards that were previously disclosed. 64,000 of the total accounts breached are from Canada, according to Home Depot in a statement to BNN.

Home Depot also said Thursday that the criminals used a third-party vendor’s user name and password to reach the perimeter of its network, then gained additional rights to navigate the company’s systems. Hackers used custom-built software on Home Depot’s self-checkout terminals in the U.S. and Canada to access customer data, according to a statement.

“Customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony e-mails,” the Atlanta-based company said.

Home Depot, which first acknowledged the attack in September, has become one of the biggest victims of hackers’ war on retailers. The world’s largest home-improvement chain has said it expects to pay about $62-million (U.S.) this year to recover from the incursion, including additional costs for call-center staffing and legal expenses. Insurance will cover $27-million of that tab, the company said.

Read more here

#CyberFLASH: The escalating arms race against cybercrime

webjohnproctor

Martin Knuth is one of Home Depot’s most loyal customers. But after the home improvement giant revealed last month that hackers had accessed the confidential credit card information of 56 million North American customers, the Regina retiree became concerned enough to help launch a class action lawsuit against the retailer.

So far, Mr. Knuth hasn’t found any fraudulent charges on his account – and he still shops at Home Depot. “It hasn’t changed my buying, per se,” said Mr. Knuth, who estimates he shops at his nearby Home Depot 10 times more than the average person. However, he acknowledged that the risk of his data being compromised “is still fairly high.”

Massive data breaches affecting tens of millions of people like Mr. Knuth are occurring with alarming frequency. In the past few months, a slew of hacks have taken place at companies such as Kmart, Staples, Dairy Queen and JPMorgan, where more than 80 million accounts were exposed. Three of the top 10 data breaches in history happened this year and experts say 2014 will be the worst on record, surpassing last year’s tally of 822 million exposed records worldwide, according to cybersecurity firm Risk Based Security. That’s almost double the number from 2011 and the actual figure could be far higher since experts say most breaches are kept quiet.

Read more here

#CyberFLASH: Home Depot eliminates malware that affected 56 million credit cards

home_depot.jpg.size.xxlarge.letterbox-2

TORONTO – Home Depot said Thursday that 56 million payment cards used at its American and Canadian stores between April and September were compromised by a type of criminal software that hadn’t previously been seen in other attacks.

The Atlanta-based home improvement retailer said any terminal with the malware has been taken out of service and that it completed introducing new encrypted terminals in all of its U.S. stores on Sept. 13, less than two weeks after the attack was discovered.

Home Depot says it will complete installing new encrypted terminals at its Canadian stores early next year but added they are already equipped to handle credit cards with embedded chips and personal identification numbers.

The company continues to say there is no evidence that debit card personal identification numbers have been compromised or that online shoppers were affected at homedepot.ca or homedepot.com.

Read more here

#CyberFLASH: UPDATE – Canadian cards from Home Depot attack appear to be for sale online

home_depot.jpg.size.xxlarge.letterbox-2

Canadian credit and debit cards compromised in a recent hacker attack on Home Depot appear to be available for sale online.

Security researcher Brian Krebs, who first reported the attack last week, said on Tuesday that the stolen data, which can be used to make fake cards, is available for sale online. Cards issued by all of the big five Canadian banks — RBC, TD, CIBC, BMO and Scotiabank — are listed on at least one website selling hacked credit card information.

American Express cards and cards issued by a number of smaller banks and credit unions are also on the list.

Home Depot said on Tuesday that Canadian credit and debit cards could have been compromised in the attack, which targeted customer information at the company’s stores in Canada and the U.S.

People who have used credit or debit cards at Home Depot stores in Canada since April 2014 may have had their card information stolen, a company spokesperson said.

Read more here

#CyberFLASH: Home Depot says data breach may have affected Canada

home_depot.jpg.size.xxlarge.letterbox

The Home Depot Inc. confirmed Monday that its payment data systems have been breached, potentially affecting customers who used cards at U.S. and Canadian stores, dating as far back as April.

“While the company continues to determine the full scope, scale and impact of the breach, there is no evidence that debit PIN numbers were compromised,” according to a company press release.

“Home Depot’s investigation is focused on April forward, and the company has taken aggressive steps to address the malware and protect customer data.”

The company said there is no evidence that the breach has affected stores in Mexico or customers who shopped online at HomeDepot.com.

The company is offering free identity protection services, including credit card monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.