Home Depot In the Headlines
Expect This to be a Daily Thing Over the Next Several Weeks
How would your customers like to be Home Depot right now?
Who’s at risk? Remember Sound Bites? I talk about this extensively in The House & the Cloud. And the new edition has an entire chapter on how to effectively use sound bites, and how to not use them.
Home Depot is heating up and overtaking the stage from Target. The number might exceed 60 million identities on this one – up from 40 million with Target. The amount of time these hackers had access is certainly longer. Let’s look at some key sound bites coming to the forefront of this story…
- “U.S. states probe Home Depot breach, senators seek FTC investigation” – How about this for a headline? This should wake up just about any CIO. How would your customers like to have the FTC investigating? It gets worse… (Read the entire article).
- “Two senators asked the federal government to investigate a data breach on the payment-card processing systems,” – If the FTC isn’t enough, how about having senators and other governmental officials requesting more investigation? This makes it sound like Home Depot isn’t really on top of this.
- “An Illinois customer sued Home Depot saying the company failed to properly safeguard customer data from hackers.” – The lawsuits are just starting…Home Depot didn’t properly safeguard the data? That’s a due care issue and a serious one if they prove it.
- “The news also caught the attention of credit ratings agency Moody’s, which said the attack is a “negative” factor.” – Credit ratings are taking a hit?
- “If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information,” the senators said in a statement. “Such conduct is potentially unfair and deceptive, and therefore could violate the FTC Act.” – speaking of the two senators above.
- “When asked if investigators had confirmed the attackers had been removed from the company’s network, Drake declined to comment.” – Translation: they don’t really know. If Home Depot’s network is under control now, don’t you think they would be broadcasting that fact loud and clear? This has to be bad for business.
- “Home Depot shares fell 2.1 percent to $88.93” – and of course a fall in stock price. Expect to see some numbers on how much this is going to cost the company. It was 1.4 million last time I saw numbers on Target. Will this exceed that?
The Really Scary Part of this is that Home Depot did not Detect the Attack!
These hackers have been in the systems for at least 4 months according to WSJ reports, but it was the banks reporting fraudulent activity that brought this to light. In The House & the Cloud I discuss the need for detection – I point out that perimeter protection only keeps the honest people out. At least Target detected their attackers within weeks of the attack. This is a disaster.
How can shoppers go back to Home Depot if they’re not sure things are repaired? The company says card holders won’t be responsible for fraudulent charges. Will that be the case on debit card transactions too? And what about those who don’t take the time to scrub through all of their cards and transactions? Will the bank notice a wrong transaction and call it to the consumer’s attention? Maybe, but maybe not.
What To Do With This…
This is the perfect time to create some sort of briefing! You have Target, Home Depot, Chip & Pin trends, PCI and compliance…was Home Depot PCI compliant? I didn’t see that mentioned, but I bet they were! If that’s the case, what does that say about PCI compliance? Does compliance make a company secure?
Next week I’ll be speaking to CIOs in the DC area at a reseller lunch & learn. (Thanks to Check Point for sponsoring this event!) What are you going to do with it? It’s not all about Home Depot – it’s about hackers, their tools, and the weak security programs these companies have in place.
If you provide security solutions and managed services, don’t just go in spouting off about Home Depot. Instead, consider the briefing approach. What trends are relevant right now? What mistakes are companies making? What does this have to do with PCI compliance? What tools, education, and processes should be put in place to prevent this sort of thing? We can’t change the dates on Chip & Pin requirements, but we can show business leaders how to become a less attractive target for hackers.
© 2014, David Stelzl