Home Depot Inc.’s data breach, which put about 56 million payment cards at risk, has fed fraudulent transactions that in some cases have drained money from customer bank accounts, the Wall Street Journal reported.
Stolen information on credit and debit cards has been used to buy prepaid cards, electronics and groceries, the newspaper reported, citing unidentified people familiar with the attack’s fallout. The amount and types of fraud are about the same as in other big breaches, the publication cited the people as saying.
Home Depot, the world’s largest home-improvement chain, announced it was looking into “suspicious activity” Sept. 2, the day it learned from banks and law enforcement that criminals may have obtained data. The retailer released an estimate for affected cards last week, saying hackers’ software may have infected its systems from April to this month and that it expects to pay about $62 million this year to deal with the incursion, with some covered by insurance.
“There is no evidence that debit PIN numbers were compromised,” the Atlanta-based company said Sept. 18.
Spokesmen for the retailer and the largest U.S. card- issuing banks — JPMorgan Chase & Co., Bank of America Corp. and Citigroup Inc. — declined to comment today on what types of suspected fraud, if any, have been seen. The firms have said they’re taking steps to protect customers. Financial institutions often are first to detect hacks at retailers by tracing increased fraud tied to cards used at a common source.
Bank investigators have spotted card information being fenced on black market websites, according to the security blogger Brian Krebs, who first reported the breach. Criminals sometimes buy numbers, then manufacture fake cards they use to purchase gift cards and goods that can be resold.
Breaches can be especially burdensome for small banks as they cover fraud costs and reissue cards, said Viveca Ware, who handles regulatory policy at the Independent Community Bankers of America trade group in Washington.
“We’re not happy that our institutions continue to incur costs related to breaches that they’re not responsible for,” she said. “We’d like to see a more efficient and timely restitution process.”
(With assistance from Elizabeth Dexheimer and Matt Townsend in New York.)
Was this article valuable?
Here are more articles you may enjoy.