Companies Must Be More Transparent About Security Moving Forward

Security and Transparency

You may remember, Home Depot was affected by a sizeable data breach in 2014. The incident is widely considered one of the largest point-of-sale heists of all time because over 56 million credit cards were involved, read and compromised. Needless to say, it led to an unprecedented amount of customers affected by such a breach.

Home Depot became aware of the breach in early September of that year and quickly acted to remove “unique, custom-built malware” from infected point-of-sale systems. It had been collecting credit and financial information about customers who were buying products from the popular DIY store and completing transactions through self-checkout lanes.

In this situation, consumers swiped their credit cards, their info was collected, stored and compromised. Hackers will notoriously sell lists of personal information, including credit card data, on the black market.

One thing we’re still learning from the attack is that security is nothing to be taken lightly. It’s going to cost the company well over $179 million to pay for damages incurred during the breach, not including legal fees and additional payouts that might happen.

This, is on top of $134.5 million that Home Depot has already paid out to Visa, MasterCard and a variety of banks. Plus, there were additional consumer-related lawsuits from the breach that customers filed to protect their own interests.

All that money? It’s going to banks and financial institutions that had to deal with the brunt of the attacks on customers’ data. Any banks that filed claims will receive $2 per compromised payment card, and they don’t even have to prove their losses. This matters, because they may have already received compensation for losses from another party. So, essentially, they’re getting double the reimbursement cost.

But that’s not all. For institutions that prove their losses, they may be awarded up to 60% of their uncompensated costs in a “documented damages award,” all of which can be seen in settlement documents.

It’s no secret that credit unions, affected banks and their members were most damaged by the lax security standards the merchant had in place. It calls into question who is responsible when something like this happens.

Clearly, Home Depot didn’t do everything they could to protect the associated data, and now they’re paying for the costly mistake.

Home Depot Must Be Transparent About Security Going Forward

One stipulation set forth in the settlement is that Home Depot needs to work on their data security by doing some risk assessment and then taking the necessary steps to lock down any vulnerabilities or weaknesses.

The settlement requires them to conduct and facilitate annual reviews of Service Providers and vendors who have access to payment and financial information. They must also come up with a valid security-control framework that protects both customers and financial institutions from further losses.

It’s likely they will now implement a more secure point-to-point encryption (P2PE) strategy, using something like 2048-Bit RSA Encryption. This is an incredibly secure data standard that can be used to protect information in the payment industry.

Encryption locks data behind a unique passkey by making it unreadable without it, and it cannot be deciphered — known as decrypted — without the appropriate key. With encrypted databases, it doesn’t matter if hackers breach the system and steal it. Unless they can crack the encryption or have the key, they cannot read the data.

Considering the amount of money Home Depot is now doling out to amend for its mistakes, boosted security is something they will certainly be looking into. It’s also something the rest of us should be looking into for our personal bank accounts and online payment processing.

By Kayla Matthews

Gamestop NFT

Could GameStop Issue An NFT Dividend?

NFT Dividends A Non-Fungible Token (NFT) is a piece of data that is stored on a blockchain that certifies a digital asset to be unique. An NFT can represent pictures, videos, GIFs, audio and other ...
David Loo

The Long-term Costs of Data Debt: How Inaccurate, Incomplete, and Outdated Information Can Harm Your Business

The Long-term Costs of Data Debt It’s no secret that many of today’s enterprises are experiencing an extreme state of data overload. With the rapid adoption of new technologies to accommodate pandemic-induced shifts like remote ...
Marcus Schmidt

What IT Leaders Should Know About Microsoft’s Operator Connect

Microsoft’s Operator Connect Earlier this year, Microsoft announced a new calling service for Microsoft Teams (Teams) users called Operator Connect. IT leaders justifiably want to know how Operator Connect is different from Microsoft’s existing PSTN ...
Jim Fagan

The Geopolitics of Subsea Connectivity

Subsea Connectivity Digital transformation and the migration of data and applications to the cloud is a global phenomenon. While we may like to think that the cloud knows no borders, the reality is that geopolitics ...
Brian Rue

What’s Holding DevOps Back

What’s Holding DevOps Back And How Developers and Businesses Can Vault Forward to Improve and Succeed Developers spend a lot of valuable time – sometimes after being woken up in the middle of the night ...

CLOUD MONITORING

The CloudTweaks technology lists will include updated resources to leading services from around the globe. Examples include leading IT Monitoring Services, Bootcamps, VPNs, CDNs, Reseller Programs and much more...

  • Opsview

    Opsview

    Opsview is a global privately held IT Systems Management software company whose core product, Opsview Enterprise was released in 2009. The company has offices in the UK and USA, boasting some 35,000 corporate clients. Their prominent clients include Cisco, MIT, Allianz, NewVoiceMedia, Active Network, and University of Surrey.

  • Nagios

    Nagios

    Nagios is one of the leading vendors of IT monitoring and management tools offering cloud monitoring capabilities for AWS, EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). Their products include infrastructure, server, and network monitoring solutions like Nagios XI, Nagios Log Server, and Nagios Network Analyzer.

  • Datadog

    DataDog

    DataDog is a startup based out of New York which secured $31 Million in series C funding. They are quickly making a name for themselves and have a truly impressive client list with the likes of Adobe, Salesforce, HP, Facebook and many others.

  • Sematext Logo

    Sematext

    Sematext bridges the gap between performance monitoring, real user monitoring, transaction tracing, and logs. Sematext all-in-one monitoring platform gives businesses full-stack visibility by exposing logs, metrics, and traces through a single Cloud or On-Premise solution. Sematext helps smart DevOps teams move faster.