In the recent hack on Home Depot, a reported 56 million credit cards were stolen. New facts that have come to light by The New York Times indicates, however, that Home Depot’s internal cybersecurity experts were well aware of the vulnerabilities that allowed the breach to happen from as early as 2008.
Home Depot reportedly relied on outdated software to secure its network and seldom scanned systems that processed customer information. In an attempt to improve security practices, the company hired an engineer in 2012 to oversee a rollout of better security protocols. However, the new hire was soon sentenced to 4 years in federal prison after it was found out that he had disabled his previous employer’s computers for a month after being fired.
The curious thing, however, is how Home Depot was taken by surprise just after the Target breach. According to Home Depot, they assembled a team to make sure they didn’t fall prey to a similar attack. By the time the new encryption systems were rolled out, however, the hackers were already in Home Depot’s system.
Saddest of all is that “several former Home Depot employees said they were not surprised the company had been hacked”, according to the Times. “When they sought new software and training, managers came back with the same response: ‘We sell hammers.’”.
Read our article on possible techniques Home Depot could have used to prevent the breach.