(Bloomberg) — Home Depot Inc.'s data breach, which put about 56 million payment cards at risk, has fed fraudulent transactions that in some cases have drained money from customer bank accounts, the Wall Street Journal reported.
Stolen information on credit and debit cards has been used to buy prepaid cards, electronics and groceries, the newspaper reported yesterday, citing unidentified people familiar with the attack's fallout. The amount and types of fraud are about the same as in other big breaches, the publication cited the people as saying.
Home Depot, the world's largest home-improvement chain, announced it was looking into "suspicious activity" Sept. 2, the day it learned from banks and law enforcement that criminals may have obtained data. The retailer released an estimate for affected cards last week, saying hackers' software may have infected its systems from April to this month and that it expects to pay about $62 million this year to deal with the incursion, with some covered by insurance.
"There is no evidence that debit PIN numbers were compromised," the Atlanta-based company said Sept. 18.
Spokesmen for the retailer and the largest U.S. card- issuing banks — JPMorgan Chase & Co., Bank of America Corp. and Citigroup Inc. — declined to comment yesterday on what types of suspected fraud, if any, have been seen. The firms have said they're taking steps to protect customers. Financial institutions often are first to detect hacks at retailers by tracing increased fraud tied to cards used at a common source.
Bank investigators have spotted card information being fenced on black market websites, according to the security blogger Brian Krebs, who first reported the breach. Criminals sometimes buy numbers, then manufacture fake cards they use to purchase gift cards and goods that can be resold.
Breaches can be especially burdensome for small banks as they cover fraud costs and reissue cards, said Viveca Ware, who handles regulatory policy at the Independent Community Bankers of America trade group in Washington.
"We're not happy that our institutions continue to incur costs related to breaches that they're not responsible for," she said. "We'd like to see a more efficient and timely restitution process."
--With assistance from Elizabeth Dexheimer and Matt Townsend in New York.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.