transparency

Companies Must Be More Transparent About Security Moving Forward

Security and Transparency

You may remember, Home Depot was affected by a sizeable data breach in 2014. The incident is widely considered one of the largest point-of-sale heists of all time because over 56 million credit cards were involved, read and compromised. Needless to say, it led to an unprecedented amount of customers affected by such a breach.

Home Depot became aware of the breach in early September of that year and quickly acted to remove “unique, custom-built malware” from infected point-of-sale systems. It had been collecting credit and financial information about customers who were buying products from the popular DIY store and completing transactions through self-checkout lanes.

In this situation, consumers swiped their credit cards, their info was collected, stored and compromised. Hackers will notoriously sell lists of personal information, including credit card data, on the black market.

One thing we’re still learning from the attack is that security is nothing to be taken lightly. It’s going to cost the company well over $179 million to pay for damages incurred during the breach, not including legal fees and additional payouts that might happen.

This, is on top of $134.5 million that Home Depot has already paid out to Visa, MasterCard and a variety of banks. Plus, there were additional consumer-related lawsuits from the breach that customers filed to protect their own interests.

All that money? It’s going to banks and financial institutions that had to deal with the brunt of the attacks on customers’ data. Any banks that filed claims will receive $2 per compromised payment card, and they don’t even have to prove their losses. This matters, because they may have already received compensation for losses from another party. So, essentially, they’re getting double the reimbursement cost.

But that’s not all. For institutions that prove their losses, they may be awarded up to 60% of their uncompensated costs in a “documented damages award,” all of which can be seen in settlement documents.

It’s no secret that credit unions, affected banks and their members were most damaged by the lax security standards the merchant had in place. It calls into question who is responsible when something like this happens.

Clearly, Home Depot didn’t do everything they could to protect the associated data, and now they’re paying for the costly mistake.

Home Depot Must Be Transparent About Security Going Forward

One stipulation set forth in the settlement is that Home Depot needs to work on their data security by doing some risk assessment and then taking the necessary steps to lock down any vulnerabilities or weaknesses.

The settlement requires them to conduct and facilitate annual reviews of service providers and vendors who have access to payment and financial information. They must also come up with a valid security-control framework that protects both customers and financial institutions from further losses.

It’s likely they will now implement a more secure point-to-point encryption (P2PE) strategy, using something like 2048-Bit RSA Encryption. This is an incredibly secure data standard that can be used to protect information in the payment industry.

Encryption locks data behind a unique passkey by making it unreadable without it, and it cannot be deciphered — known as decrypted — without the appropriate key. With encrypted databases, it doesn’t matter if hackers breach the system and steal it. Unless they can crack the encryption or have the key, they cannot read the data.

Considering the amount of money Home Depot is now doling out to amend for its mistakes, boosted security is something they will certainly be looking into. It’s also something the rest of us should be looking into for our personal bank accounts and online payment processing.

By Kayla Matthews

Kayla Matthews

Kayla Matthews is a technology writer dedicated to exploring issues related to the Cloud, Cybersecurity, IoT and the use of tech in daily life.

Her work can be seen on such sites as The Huffington Post, MakeUseOf, and VMBlog. You can read more from Kayla on her personal website, Productivity Bytes.

View Website

CONTRIBUTORS

What Futuristic Transportation Will Look Like In Your Lifetime

What Futuristic Transportation Will Look Like In Your Lifetime

Futuristic Transportation Being stuck in traffic or late for work because of a hold up on the dreaded commute could ...
Cloud-Based or On-Premise ERP Deployment? Find Out

Cloud-Based or On-Premise ERP Deployment? Find Out

ERP Deployment You know how ERP deployment can improve processes within your supply chain, and the things to keep in ...
The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, ...
The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

The Good, Bad, and Downright Ugly Takeaways from WikiLeaks’ Vault 7

WikiLeaks’ Vault 7 If you haven’t heard of the Vault 7 WikiLeaks data dump, you’ve probably been living under a ...
How Big Data Can Empower Native Ads

How Big Data Can Empower Native Ads

Empower Native Ads The realm of big data is expanding an astonishing rate, and its presence can be felt across ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...
Principles of an Effective Cybersecurity Strategy

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as ...
What’s Next In Cloud And Data Security For 2017?

What’s Next In Cloud And Data Security For 2017?

Cloud and Data Security It has been a tumultuous year in data privacy to say the least – we’ve had ...
Two 2017 Trends From A Galaxy Far, Far Away

Two 2017 Trends From A Galaxy Far, Far Away

Reaching For The Stars People who know me know that I’m a huge Star Wars fan. I recently had the ...
Cloud Services Are Vulnerable Without End-To-End Encryption

Cloud Services Are Vulnerable Without End-To-End Encryption

End-To-End Encryption The growth of cloud services has been one of the most disruptive phenomena of the Internet era.  However, ...

NEWS

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

Deloitte TMT Predictions: Machine Learning Deployments, On-Demand Content and Live Events Will Continue to Drive Growth

NEW YORK, Dec. 12, 2017 /PRNewswire/ -- Deloitte forecasts double digital growth in machine learning deployments for the enterprise, an increasing worldwide ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...