Technology

Home Depot data breach triggers fraud

Star news services
Stolen information on credit and debit cards in Home Depot’s data breach has been used to buy prepaid cards, electronics and groceries, according to a Wall Street Journal report.
Stolen information on credit and debit cards in Home Depot’s data breach has been used to buy prepaid cards, electronics and groceries, according to a Wall Street Journal report. Keith Srakocic The Associated Press

Home Depot’s data breach, which put about 56 million payment cards at risk, has fed fraudulent transactions that in some cases have drained money from customer bank accounts.

As a result, Capital One Financial and JPMorgan Chase & Co. said Wednesday they are preparing to reissue credit or debit cards to customers to head off more possible losses.

Earlier this month, Home Depot confirmed that malicious software had stolen data through its checkout terminals between April and September. Target, Michaels and Neiman Marcus also have been attacked by hackers in the past year.

Lenders often issue customers new cards after they have been lost, stolen or used to make an unauthorized purchase, but Capital One and JPMorgan are taking action based on whether accounts may be compromised.

Stolen information on credit and debit cards used at Home Depot have been used to buy prepaid cards, electronics and groceries, The Wall Street Journal reported, citing unidentified people familiar with the attack’s fallout. The amount and types of fraud are about the same as in other big breaches, the publication said.

Home Depot announced it was looking into “suspicious activity” Sept. 2, the day it learned from banks and law enforcement that criminals may have obtained data. The retailer released an estimate for affected cards last week, saying that hackers’ software may have infected its systems from April to this month and that it expects to pay $62 million this year to deal with the incursion, with some covered by insurance.

“There is no evidence that debit PIN numbers were compromised,” the Atlanta company said Sept. 18.

Spokesmen for the retailer and the largest U.S. card-issuing banks — JPMorgan Chase, Bank of America and Citigroup — declined to comment on what types of suspected fraud, if any, have been seen. The firms have said they are taking steps to protect customers. Financial institutions often are first to detect hacks at retailers by tracing increased fraud tied to cards used at a common source.

Bank investigators have seen card information being fenced on black market websites, according to the security blogger Brian Krebs, who first reported the breach. Criminals sometimes buy numbers and then make fake cards they use to buy gift cards and goods that can be resold.

Breaches can be especially burdensome for small banks as they cover fraud costs and reissue cards, said Viveca Ware, who handles regulatory policy at the Independent Community Bankers of America trade group in Washington.

“We’re not happy that our institutions continue to incur costs related to breaches that they’re not responsible for,” she said. “We’d like to see a more efficient and timely restitution process.”

This story was originally published September 24, 2014 at 10:18 AM with the headline "Home Depot data breach triggers fraud."

Get unlimited digital access
#ReadLocal

Try 1 month for $1

CLAIM OFFER