Over the past week we’ve been assisting clients in responding to the recent confirmed Home Depot breach. While information regarding the scale and scope of the breach of point-of-sale systems in the U.S. and Canada has been developing, Home Depot’s release late yesterday of an updated press release (available here), provides additional public details:
- 56 million payment cards are estimated to be involved in the breach, making this larger than Target’s mammoth breach, in which 40 million credit and debit cards were compromised;
- The malware involved is claimed to be a “unique, custom-built malware to evade detection” which, according to Home Depot’s security partners “had not been seen previously in other attacks”;
- No PIN numbers were compromised for debit cards, according to available forensics;
- Home Depot estimates that the cost of its response to the breach will be approximately $62 million, at this time.
While data breaches are often inevitable, they are also in many cases preventable through a rigorous information security program that begins with understanding data storage locations, data flow and the types of data captured. On the other end of the risk management spectrum is ensuring that your levels of cyberrisk insurance coverage are adequate and include the proper endorsements against specific risks.
To discuss your data breach plans or simply to gain a reality check on your information security efforts, feel free to contact us at the Sm@rtEdgeLaw Group at any time.