Infected self-checkout terminals at Home Depot have emerged as the prime suspect into a systems breach whose damage to the retailer is still being tabulated.
The ongoing investigation into the Home Depot hit, discovered September 2, is being billed as the biggest breach in the history of American retail chains, with 56 million credit card and pin numbers boosted by hackers. Now investigators are focusing their attention on Home Depot’s self-checkout machines as the likely point of entry for hackers to enter Home Depot’s systems that store sensitive customer data.
The malware inserted into Home Depot by hackers, who are thought to be operating in Eastern Europe, was done so on the home retailer’s point-of-payment systems in the their self-checkout lane terminals, according to Krebs on Security, citing people close to the investigation.
The damage done by the Home Depot hit is still being tallied by the company’s banking and financial partners, who alerted the retailer in early September that millions of cards being dumped on the cyber black market were from Home Depot customers. The investigation continues and is being led by the Secret Service, with Symantech also involved.
Security experts told VentureBeat that self-checkout terminals typically run Windows XP, use store-bought MS 56 or 128 bit encryption, and are easier to crack than POS terminals. While POS terminals are typically operated by cashiers, self-checkout, as the term applies, generally has no physical oversight. And this could be aiding the hackers.
Proving that malware doesn’t discriminate, Malwarebytes chief executive Marcin Kleczynski was on of the victims of the Home Depot hit and had to change his credit card because of it.
Malwarebyte’s head of intelligence Adam Kujawa told VentureBeat that the problem with the Home Depot breach wasn’t actually the malware itself, but its entry points into the retailers systems. Retailers like Target, hit by hackers in December who stole approximately 40 million card and pin numbers, and Home Depot are not, he said, doing what needs to be done in protecting customer data.
Kujawa said that at this point, information on the Home Depot breach is not fully understood because the retailer hasn’t released technical details of the hit. But he stated that retailers need to get serious about protecting customer data.
“It comes down to the retailers not doing enough to safeguard their systems. Credit card information is sensitive information, and they need to make sure it’s secure,”Kujawa said.