Friday, September 19, 2014

ALERT: 282000 card numbers from Wisconsin Home Depot breach for sale ...

We are getting reports that a specific Home Depot location in Wisconsin has shown up on a website for sale.

News Story:
More than 282,000 credit and debit card numbers stolen from Wisconsin stores during the recent Home Depot data breach have been offered for sale on the black market, a Milwaukee Journal Sentinel investigation has found.

The company said Thursday that the data breach had exposed an estimated 56 million payment cards, eclipsing the Target data breach, which involved 40 million cards. The malware that caused the breach has now been eliminated, the company said in a news release.

Home Depot has not disclosed which locations were affected, but the Journal Sentinel examination found credit card numbers were breached at all of the company's 26 Wisconsin locations.

In less than a minute, the Journal Sentinel — legally and without payment — gained access to the underground website on which the card numbers are for sale. It's the same group that sold millions of card numbers stolen in the Target breach last year.

The site caters to criminals looking to buy card numbers they can use to withdraw cash or buy electronics and gift cards. It lets potential buyers browse credit and debit cards by type, expiration date, name of the financial institution that issued the card and location of the Home Depot store where the card was compromised.

Hackers provide the full card number and name of the cardholder when purchased. The Journal Sentinel did not seek or gather that information.

As of Thursday, the seller of the stolen card numbers still guaranteed a valid rate of 100%, something hackers promise only when they're confident the cards have not yet been canceled. The validity rate falls over time.

"When they're 100% valid, that's an indicator that the merchant hasn't fixed the problem yet," said Brian Krebs, the cybersecurity reporter who broke the stories on the breaches at Target and Home Depot. "It's a live breach."

--Nothing Follows--

We will provide additional information as it becomes available.

No comments:

Post a Comment