Last week Home Depot officially confirmed what security experts had already suspected since Sept. 2: yes, hackers did indeed manage to steal confidential customer data from Home Depot shoppers: 56 million debit- and credit-card numbers in all, making it the largest such breach on record. Any payment card used at a Home Depot store between April and Sept. 2 of this year is potentially at risk.
The very next day, The New York Times reported that the company had repeatedly been warned of its weak, at-risk security practices as far back as 2008, yet did nothing about the news. Sources for the Times said that the company relied on outdated security software, even as some securty experts left the company after managers repeatedly dismissed their concerns.
Even when Home Depot finally started to listen and tried doing the right thing, it backfired badly: the Times also said that “in 2012, Home Depot hired a computer engineer to help oversee security at its 2,200 stores. But this year, as hacks struck other retailers, that engineer was sentenced to four years in prison for deliberately disabling computers at the company where he previously worked.”
Our own readers were, for the most part, completely unsurprised by initial reports that Home Depot's data security might not be up to snuff: on Sept. 2, when we first reported the mere unconfirmed possibility of a Home Depot data breach, the people who commented on the story were downright blasé about the prospect.
“I can believe this,” comented S. Garcia posted, while another commenter, R. Watters, went into more detail:
This is nothing new. My bank account was debited over $1600 last year for two gift cards at two Home Depot stores in Texas. Apparently, someone got a hold of my debit card number at Home Depot. My bank credited my account, but Home Depot could not have cared less. One of the managers at the [redacted] store was even upset that someone gave me his name to contact. I no longer shop at Home Depot.
T. Hostetler pointed out another problem:
If you return an item to Home Depot that you charged on a credit card and you present a receipt, they will credit your credit card account for the return without you giving them your card again. Why in the hell are they allowed to store your credit card information on their computers? Just because you bought an item from them, should not give them the right to keep your credit card information as long as they see fit!
What to do
For what it's worth, Home Depot is offering free identity-theft protection services, including credit monitoring, to any customer who used a payment card during or after April 2014.
Interested customers should call 1-800-HOMEDEPOT (800-466-3337) in the United States, or 800-668-2266 in Canada.