Home Depot Ignored Its Own Cybersecurity Team Since 2008

HardOCP News

Shouldn't this be criminal? You'd think when negligence leads to 56 million credit card users' data being stolen, the company should be held accountable. Right? :(

56 million credit cards were compromised in a recent hack on The Home Depot. Now, The New York Times is reporting that the company dismissed and largely ignored concerns put forth by security researchers as far back as 2008.
 
Between the CEO hating poor people, and now this... I do believe all of my lumber/plumbing/what-have-you supplies will be purchased at Menards. I used to pick and choose what to buy between the two stores but not anymore.
 
I agree with the above..

I work for a "company" that is not IT focused but relies on IT services heavily... then ignores what IT recommends for security and best practices.

This all comes from the senior management section who just don't want to pay anything but have it all at the same time.
 
Oh. Something will happen. The security team that's been screaming at them for the last 4-6 years is going to be fired for not doing their jobs. And a new team of yes-men who can hide this kind of hack better will be brought on.
 
Oh. Something will happen. The security team that's been screaming at them for the last 4-6 years is going to be fired for not doing their jobs. And a new team of yes-men who can hide this kind of hack better will be brought on.

Spot on.
 
Corporate priority list,
1)Profit
2)Assure self survival
3)Claim any business losses on their taxes, shift burden to taxpayer.

No real reason to protect customers.
 
CEOs should be held PERSONALLY responsible for this kind of crap, and sent to prison. I bet that would change things up a bit.
 
To make matters worse, The Home Depot's former security boss, Ricky Joe Mitchell, was recently sentenced to four years in prison for "deliberately disabling computers" at his previous company, the Times reports.

Ricky Joe Mitchell, LOL....the name alone should be a red flag
 
If a security team isn't making suggestions/findings no matter your security posture they're not doing their jobs.

Having security findings is not indicative of poor security.
 
Doesn't mean it's good either, but the article clearly states that the security software they were using was outdated and easy prey for hackers.

Point is.....apparently the security team identified ways to further protect OUR data, and the powers that be chose not to.

Home Depot....if you read this....guess where I DON'T shop.
 
pretty sure I got hit from the whole fiasco -- i shopped a LOT at home depot the past year, love (or loved) that place.

I had some random 50 dollar charge from Florida on my card right around the time this all went down. Can't be 100% sure it was from home depot but got a reissued chase freedom anyway. Around the same time I was traveling across the country as well, (lots of gas ups at indian casino type gas stations... they are crooked as hell too so I could have gotten skimmed there as well)

Either way -- lowes is now #1 in my book. :)
 
pretty sure I got hit from the whole fiasco -- i shopped a LOT at home depot the past year, love (or loved) that place.

I had some random 50 dollar charge from Florida on my card right around the time this all went down. Can't be 100% sure it was from home depot but got a reissued chase freedom anyway. Around the same time I was traveling across the country as well, (lots of gas ups at indian casino type gas stations... they are crooked as hell too so I could have gotten skimmed there as well)

Either way -- lowes is now #1 in my book. :)

Where I am at, Lowe's and Home Depot are pretty much my only choices for a lot of stuff.

And to make matters worse, Home Depot carries some stuff that Lowe's doesn't carry that I need.

And to top it off, Lowe's is usually more expensive for the same thing or carries inferior products compared to Home Depot.

I always do comparison shopping, and it makes me kinda disappointed that I usually have to go to both stores to get everything I need.

At least they are only 2 blocks apart from each other.

Another thing.. The powers that be at Home Depot are not gonna care one bit if they lose a couple thousand customers countrywide over this. There are plenty to replace the few that stop shopping there. It won't even show up on their radar.

The only way to get them to take notice is if all the people that had their cards compromised because of their stupid management stopped shopping there. And that just isn't going to happen no matter how much you or anybody else wants it to.
 
That is, until the same exact thing happens at Lowe's. :p

Which underscores the greater problem. All corporations are guilty of this to some degree or another. It's an inherent problem with how corporations work and why. The bottom line is king, pleasing the shareholders is top priority, and because of how the stock market operates, corporations have to cut corners. If they don't, then they can't hit their market projections, and when that happens their stock devalues... which leads to more cost cutting, layoffs, etc. This happens with every publicly traded company that exists. The entire system is based around fear - fear that investors will sell off stock, fear that a projection won't be made, fear of a bad press headline about quarterly earnings... that's what drives the capitalist system. I'm no advocate of socialism or communism, but the capitalist market system, as it stands, is always going to put the customer last. It needs a serious reform.
 
Which underscores the greater problem. All corporations are guilty of this to some degree or another. It's an inherent problem with how corporations work and why. The bottom line is king, pleasing the shareholders is top priority, and because of how the stock market operates, corporations have to cut corners. If they don't, then they can't hit their market projections, and when that happens their stock devalues... which leads to more cost cutting, layoffs, etc. This happens with every publicly traded company that exists. The entire system is based around fear - fear that investors will sell off stock, fear that a projection won't be made, fear of a bad press headline about quarterly earnings... that's what drives the capitalist system. I'm no advocate of socialism or communism, but the capitalist market system, as it stands, is always going to put the customer last. It needs a serious reform.

The whole idea of the stock market is retarded. If you want to invest in a company for some promised return from the company, then so be it.

But having to be afraid of losing money because you didn't do what your stupid board of directors or an analyst thought you should do or how much you should have made, is just plain retarded.

As for credit card breaches that were at least partially due to the company refusing to secure their crap, the company itself should have to pay for the losses.. and then they themselves can go after the thieves.
 
Lucky me, I'm not American and I'm faaar away from Home Depot.
 
The Ferengi had it right. Anyone who fails that bad should be thrown off the tower of commerce.
 
Where I am at, Lowe's and Home Depot are pretty much my only choices for a lot of stuff.

And to make matters worse, Home Depot carries some stuff that Lowe's doesn't carry that I need.

And to top it off, Lowe's is usually more expensive for the same thing or carries inferior products compared to Home Depot.

I always do comparison shopping, and it makes me kinda disappointed that I usually have to go to both stores to get everything I need.

At least they are only 2 blocks apart from each other.

Another thing.. The powers that be at Home Depot are not gonna care one bit if they lose a couple thousand customers countrywide over this. There are plenty to replace the few that stop shopping there. It won't even show up on their radar.

The only way to get them to take notice is if all the people that had their cards compromised because of their stupid management stopped shopping there. And that just isn't going to happen no matter how much you or anybody else wants it to.

That is the bottom line of American business and politics, they count on apathy. They know a new generation of customers and voters is born every day. They know they can get anything past the consumer or the voter, because it only takes a generation before the past becomes forgotten, and people will grow indifferent to the changes.

They know that corporations and politics are nationalized instead of localized, which reduces the ability of the individual to spark an organized opposition to anything.

If you have a government which consists of only the people living on your block you have a decent chance at affecting real changes on a personal level. When it expands to your town, you have less input as an individual. When it expands to a county level, even less. A state wide level, still less. A national level, still less. And when a business becomes multinational, they don't have to give a fuck about anything except their own motivations.

That's been the plan in business and in government. Federalize, nationalize, crush all of the smaller players, consolidate power. Virtually gone are the mom and pop hardware stores, electronics stores, etc.
 
The whole idea of the stock market is retarded. If you want to invest in a company for some promised return from the company, then so be it.

But having to be afraid of losing money because you didn't do what your stupid board of directors or an analyst thought you should do or how much you should have made, is just plain retarded.

As for credit card breaches that were at least partially due to the company refusing to secure their crap, the company itself should have to pay for the losses.. and then they themselves can go after the thieves.

Face it, we live in a country where business is socialized, corporations are too big to fail, and they shift the burden of their losses to the US taxpayers.
 
I am not sure if Home Depot can ever be held accountable. I don't even see any long-lasting consequences will befall their way from this massive failure of security. As things stand, it will be business as usual for Home Depot as memories of this credit card breach vanish from the public consciousness in a few months' time while the stock market gravy keeps trucking along.
 
Which underscores the greater problem. All corporations are guilty of this to some degree or another. It's an inherent problem with how corporations work and why. The bottom line is king, pleasing the shareholders is top priority, and because of how the stock market operates, corporations have to cut corners. If they don't, then they can't hit their market projections, and when that happens their stock devalues... which leads to more cost cutting, layoffs, etc. This happens with every publicly traded company that exists. The entire system is based around fear - fear that investors will sell off stock, fear that a projection won't be made, fear of a bad press headline about quarterly earnings... that's what drives the capitalist system. I'm no advocate of socialism or communism, but the capitalist market system, as it stands, is always going to put the customer last. It needs a serious reform.

A trend that was accelerated by the development of the personal computer. The ceo of a company would have to wait for data to be gathered and analyzed by humans.

Now they can press a button every morning and generate a report that they once had to wait days/weeks/months/quarters for. They can analyze every trend, every morning. They can squeeze and distill every drop of profit, every morning.
 
I am not sure if Home Depot can ever be held accountable. I don't even see any long-lasting consequences will befall their way from this massive failure of security. As things stand, it will be business as usual for Home Depot as memories of this credit card breach vanish from the public consciousness in a few months' time while the stock market gravy keeps trucking along.

And why? Because the taxpayer is the back stop.

Their losses are socialized, so they have no reason to give a fuck.
 
"B-b-b-but you don't get it!

If we upgraded our security every time new threats came out, that would mean $200K less in CEO's pockets per year!

Wait? What?! You're telling me millions of people will now not shop at Home Depot because of this and we're bleeding hundreds of millions of dollars?! What the fuck America what do you expect us to do about it?!"

American CEO 101, fuck long term, think short term.
 
HD is a major supporter of the democrat party and gay rights so this will be swept under the rug. These are the reasons I have boycotted HD for a long time as well as any other company that supports these lame agendas. As a Cabinet Maker/Medic I do custom work and order all my stuff from small town local guys even my pricey lumber comes from local mill and hand selected and milled myself.

My big point is that our government chooses to battle with terrorists for decades. Turn them into glass overnight and finish the job and focus on protecting We the People from this kind of fraud, protect our borders, take care of our vets and our poor people right here at home.
 
"B-b-b-but you don't get it!

If we upgraded our security every time new threats came out, that would mean $200K less in CEO's pockets per year!

Wait? What?! You're telling me millions of people will now not shop at Home Depot because of this and we're bleeding hundreds of millions of dollars?! What the fuck America what do you expect us to do about it?!"

American CEO 101, fuck long term, think short term.

"You are only as good as your last quarter."
 
Having had this experience as an IT professional myself...urg! Why is our government not doing its job and going after these corporations with both barrels?

I blew the whistle how my company was handling client (and we're talking a TOP fortune 500 client) data. Sending it across borders, unencrypted, and the staff on the other side shared administrative logins to general agents. Got shut down and told to shut up. Then found myself unemployed shortly thereafter.

My legal team vs 2 fortune 500 legal teams. Yeah, not going to happen.

The thing is, I was told in confidence that the reason they didn't do anything about it was that if something happened, that's what insurance is for. It's much cheaper for them to clean up the mess afterwards, fire a couple people, and state they have policies in place to prevent this, and they weren't followed. Someone takes the fall, it blows over. Business as usual.
 
Wait wait...... What corporation DOESN'T ignore what their IT security team preaches needs to get done? And needs to be purchased in order to maintain security?
 
Got the HD letter this weekend with my free 'year of credit monitoring'.

So, I have some 3 or 4 stacked monitoring offers this year. Sheesh!
 
In cases of gross negligence, absolutely they should be held accountable, this is a no-brainer. The problem is, Home Depot is a huge chain, and as such they can afford lawyers up the butt, and they can pay off politicians so that this isn't pursued.
 
Good thing the only time I have shopped at home depot in recent history has been for very small purchases with cash (<$20). I hope they get put on the hook for all this BS. Companies seem to be collecting more and more data about us and getting less and less concerned with security.
 
I don't even see why it's that big of a deal, it's a credit card number. Credit cards expire and are disposable. It's not even really much PII, it's just credit card numbers and maybe track data... Talking about government intervention and huge negligence crimes just seems... Excessive.

All visa/mc/discover/amex cards pretty much come with zero liability when going through them anyway, so as a consumer, what's my incentive to even care. Fraud charges = card company overnighting me a new card and the charges immediately removed. No big deal imho. Sure visa/etc should hold home depot accountable according to their merchant contract, but other than that it's a non-issue for the consumer.
 
These companies that ignore these things are negligent and should be sued into oblivion for their dereliction in these regards.
 
Got the HD letter this weekend with my free 'year of credit monitoring'.

So, I have some 3 or 4 stacked monitoring offers this year. Sheesh!

Ditto, and had my card replaced twice last year. Although I think I've shopped there on the new card... so it may be time for #3.

and they have the gall to ask me if I want an emailed receipt.....
 
I don't even see why it's that big of a deal, it's a credit card number. Credit cards expire and are disposable. It's not even really much PII, it's just credit card numbers and maybe track data... Talking about government intervention and huge negligence crimes just seems... Excessive.

All visa/mc/discover/amex cards pretty much come with zero liability when going through them anyway, so as a consumer, what's my incentive to even care. Fraud charges = card company overnighting me a new card and the charges immediately removed. No big deal imho. Sure visa/etc should hold home depot accountable according to their merchant contract, but other than that it's a non-issue for the consumer.

Except when you have 10-15 services (netflix, cable tv, phone, power, etc,etc) using that card number and you must change it with each service once you have the new card. Luckily I compiled a list and added it to my safety deposit box so I have a record of where I need to change it.
 
CEOs should be held PERSONALLY responsible for this kind of crap, and sent to prison. I bet that would change things up a bit.

Good thing the only time I have shopped at home depot in recent history has been for very small purchases with cash (<$20). I hope they get put on the hook for all this BS. Companies seem to be collecting more and more data about us and getting less and less concerned with security.

I work in compliance, and it's the same old story. IT security, fraud, regulatory compliance - it gets some lip service but until people get hit hard, it's ignored. And after it's ignored, it's the IT security, fraud and regulatory compliance people who get axed, not senior management. And the sad part is in compliance, the government is personally targeting people - the compliance officers. The CEOs, executive staff, board members, none have been charged.
 