Teach with Digital Technologies
VerifiedAdded on 2022/05/11
|8
|1687
|32
AI Summary
The primary issues involved were the exposure of the payment card information to the malevolent entities due to the security vulnerabilities and weaknesses that were present. There is a web space that has been developed to sell this information and it is termed as Darknet. The first alternative solution to prevent the payment card information stealing is the use of chip and pin cards. These are the advanced cards that comprise of a security chip along with the presence of the traditional magstripe.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmrtyuiopasdfghjklzxcv
The Home Depot Data Breach
Case Report
1/20/2019
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmrtyuiopasdfghjklzxcv
The Home Depot Data Breach
Case Report
1/20/2019
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The Home Depot Data Breach
Executive Summary
Security breaches and threats have become a common occurrence in the present times. One
such case was reported by Home Depot in September, 2014. The report is a case report that
provides a background on the case along with the key issues and findings involved. There are
alternative solutions that could have been used to prevent the attacks that are included in the
report along with the recommendations and lessons learned.
Keywords: Privacy, Security, Breach, Data, Payment, Credit Card
1
Executive Summary
Security breaches and threats have become a common occurrence in the present times. One
such case was reported by Home Depot in September, 2014. The report is a case report that
provides a background on the case along with the key issues and findings involved. There are
alternative solutions that could have been used to prevent the attacks that are included in the
report along with the recommendations and lessons learned.
Keywords: Privacy, Security, Breach, Data, Payment, Credit Card
1
The Home Depot Data Breach
Table of Contents
Case Background...................................................................................................................................3
Key Issues.............................................................................................................................................3
Analysis of Alternative Solutions..........................................................................................................3
Chip-and-Pin Cards...........................................................................................................................4
Use of Mobile Payments....................................................................................................................4
Point to Point Encryption...................................................................................................................4
Findings.................................................................................................................................................4
Discussions & Recommendations.........................................................................................................5
Conclusion – Lessons Learned..............................................................................................................6
References.............................................................................................................................................7
2
Table of Contents
Case Background...................................................................................................................................3
Key Issues.............................................................................................................................................3
Analysis of Alternative Solutions..........................................................................................................3
Chip-and-Pin Cards...........................................................................................................................4
Use of Mobile Payments....................................................................................................................4
Point to Point Encryption...................................................................................................................4
Findings.................................................................................................................................................4
Discussions & Recommendations.........................................................................................................5
Conclusion – Lessons Learned..............................................................................................................6
References.............................................................................................................................................7
2
The Home Depot Data Breach
Case Background
Home Depot Inc. is an American organization that deals in the retail of home improvement
tools, construction services, and products. The organization came up with an official
statement on September 8th, 2014, regarding a massive data breach that it experienced. The
company stated that the credit card details of a large number of its customers was exposed
and the company declared that it was working towards offering free credit services to the
customers that were impacted by the security breach (Hawkins, 2015).
Key Issues
The primary issues involved were the exposure of the payment card information to the
malevolent entities due to the security vulnerabilities and weaknesses that were present.
There is a web space that has been developed to sell this information and it is termed as
Darknet. The malicious entities put this information on the Darknet which is then sold and
misused by the other users. The cycle involves the brokers that buy this information from the
Darknet and further sell it to the carders on their respective sites. The carders buy a prepaid
card from the websites which is used as a gift card on the popular websites, such as Amazon
etc. (Abbruzzese, 2014).
There have been similar instances in the history and the inadequate due diligence of Home
Depot was one of the primary causes behind the data breach. Target Data Breach occurred in
December, 2013 in which the records of over 40 million people were stolen. The Home
Depot data breach crossed that mark and there were 56 million payment cards that were
stolen.
There have also been some of the massive data breaches since then comprising of the stealing
of the payment card information. The organizations involved did not use the attack details
associated with the Target data breach to learn and develop their systems to protect them
from the security breach (Samad, 2014).
Analysis of Alternative Solutions
There are a number of approaches that could have been used to prevent such security
breaches.
3
Case Background
Home Depot Inc. is an American organization that deals in the retail of home improvement
tools, construction services, and products. The organization came up with an official
statement on September 8th, 2014, regarding a massive data breach that it experienced. The
company stated that the credit card details of a large number of its customers was exposed
and the company declared that it was working towards offering free credit services to the
customers that were impacted by the security breach (Hawkins, 2015).
Key Issues
The primary issues involved were the exposure of the payment card information to the
malevolent entities due to the security vulnerabilities and weaknesses that were present.
There is a web space that has been developed to sell this information and it is termed as
Darknet. The malicious entities put this information on the Darknet which is then sold and
misused by the other users. The cycle involves the brokers that buy this information from the
Darknet and further sell it to the carders on their respective sites. The carders buy a prepaid
card from the websites which is used as a gift card on the popular websites, such as Amazon
etc. (Abbruzzese, 2014).
There have been similar instances in the history and the inadequate due diligence of Home
Depot was one of the primary causes behind the data breach. Target Data Breach occurred in
December, 2013 in which the records of over 40 million people were stolen. The Home
Depot data breach crossed that mark and there were 56 million payment cards that were
stolen.
There have also been some of the massive data breaches since then comprising of the stealing
of the payment card information. The organizations involved did not use the attack details
associated with the Target data breach to learn and develop their systems to protect them
from the security breach (Samad, 2014).
Analysis of Alternative Solutions
There are a number of approaches that could have been used to prevent such security
breaches.
3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
The Home Depot Data Breach
The use of magstripes in the credit cards makes it easier for the malevolent entities to forge
the details and misuse the same for making false payments.
Chip-and-Pin Cards
The first alternative solution to prevent the payment card information stealing is the use of
chip and pin cards. These are the advanced cards that comprise of a security chip along with
the presence of the traditional magstripe. The presence of the security chip on the card
ensures that the card details are not duplicated. Also, there is a unique payment data used in
every transaction leading to the minimization of the attack window and attack surface.
Use of Mobile Payments
There are newer mechanisms that are being launched to prevent the security breach of
payment credit details. One such alternative is the use of mobile payments. There are a
number of mobile wallets that have now been developed which may be used to make the
mobile payments. Some of the popular mobile wallets include Google Wallets, Apple Pay,
Amazon Pay, etc. These wallets are like the virtual wallets that may be synced with the cards
and the payment can be directly made using these wallets (Winter, 2014). There is a mobile
device that is required to access these wallets and the payment can be done in a single click.
Point to Point Encryption
The use of traditional magstripes in the credit cards can be done along with the Point to Point
(P2P) Encryption to make sure that the credit details are kept secured during the transactions.
P2P is an encryption method in which the card details are encrypted during the swipe of the
card. The duplication of the data is not possible with the involvement of this method as the
data is always encrypted until it reaches the memory. It is however necessary that the
members of the staff are provided with the trainings on this method to utilize it to the fullest.
Findings
There are alternative methods that have been developed to prevent the security breach.
However, the malevolent entities have developed newer mechanisms that may be used to
steal the card information.
One of the primary techniques that are now being used by the attackers is the memory
scraping malware. The malware has the capability to access and read the payment details on
the Random Access Memory (RAM) itself wherein the information is present in the form of
4
The use of magstripes in the credit cards makes it easier for the malevolent entities to forge
the details and misuse the same for making false payments.
Chip-and-Pin Cards
The first alternative solution to prevent the payment card information stealing is the use of
chip and pin cards. These are the advanced cards that comprise of a security chip along with
the presence of the traditional magstripe. The presence of the security chip on the card
ensures that the card details are not duplicated. Also, there is a unique payment data used in
every transaction leading to the minimization of the attack window and attack surface.
Use of Mobile Payments
There are newer mechanisms that are being launched to prevent the security breach of
payment credit details. One such alternative is the use of mobile payments. There are a
number of mobile wallets that have now been developed which may be used to make the
mobile payments. Some of the popular mobile wallets include Google Wallets, Apple Pay,
Amazon Pay, etc. These wallets are like the virtual wallets that may be synced with the cards
and the payment can be directly made using these wallets (Winter, 2014). There is a mobile
device that is required to access these wallets and the payment can be done in a single click.
Point to Point Encryption
The use of traditional magstripes in the credit cards can be done along with the Point to Point
(P2P) Encryption to make sure that the credit details are kept secured during the transactions.
P2P is an encryption method in which the card details are encrypted during the swipe of the
card. The duplication of the data is not possible with the involvement of this method as the
data is always encrypted until it reaches the memory. It is however necessary that the
members of the staff are provided with the trainings on this method to utilize it to the fullest.
Findings
There are alternative methods that have been developed to prevent the security breach.
However, the malevolent entities have developed newer mechanisms that may be used to
steal the card information.
One of the primary techniques that are now being used by the attackers is the memory
scraping malware. The malware has the capability to access and read the payment details on
the Random Access Memory (RAM) itself wherein the information is present in the form of
4
The Home Depot Data Breach
clear text. In the case of Home Depot Data Breach, the attackers made use of a third-party
logon to access the database (Ragan, 2014). Once the access was provided, the attackers then
exploited zero-day vulnerability in Windows followed by the launch of memory scraping
malware on over 7,500 self-checkout POS terminals.
Discussions & Recommendations
There are numerous control measures that the organization could have used to prevent the
security breach from taking place.
The organization lacked secure configuration of the software and hardware on the POS
terminals. There were also issues of network segregation in the corporate network and POS
network of the organization. The attackers succeeded in gaining the third party logon
credentials which was one of the prime causes behind the attack. The lack of management
and monitoring were the reasons behind the same.
The organization did have anti-malware tools installed in its environment. However, there are
several features and functionalities that are present in these tools. The Network Threat
Protection feature was not activated in the anti-malware tool that was present which could
have been done to prevent the security breach (Cnbc, 2014). The use of Point to Point
Encryption could also have been done to avoid the security breach. P2P is an encryption
method in which the card details are encrypted during the swipe of the card. The duplication
of the data is not possible with the involvement of this method as the data is always encrypted
until it reaches the memory.
Windows XP Embedded SP3 was the operating system that was installed on the POS devices.
There were security vulnerabilities that were present on the operating system that was
exploited by the attackers to give shape to the security attack. The organization must have
made sure that they upgraded their software packages and systems at regular intervals. The
updating of the operating systems and software packages would have made the system secure
and efficient enough to prevent the security breach (Seals, 2014).
There were issues of network segregation that could have been avoided with the use and
installation of advanced network security controls. The use of virtual private networks would
have made sure that the network security was enhanced. The use of multi-fold authentication
and advanced access control must have been done as well to control the third-party access.
5
clear text. In the case of Home Depot Data Breach, the attackers made use of a third-party
logon to access the database (Ragan, 2014). Once the access was provided, the attackers then
exploited zero-day vulnerability in Windows followed by the launch of memory scraping
malware on over 7,500 self-checkout POS terminals.
Discussions & Recommendations
There are numerous control measures that the organization could have used to prevent the
security breach from taking place.
The organization lacked secure configuration of the software and hardware on the POS
terminals. There were also issues of network segregation in the corporate network and POS
network of the organization. The attackers succeeded in gaining the third party logon
credentials which was one of the prime causes behind the attack. The lack of management
and monitoring were the reasons behind the same.
The organization did have anti-malware tools installed in its environment. However, there are
several features and functionalities that are present in these tools. The Network Threat
Protection feature was not activated in the anti-malware tool that was present which could
have been done to prevent the security breach (Cnbc, 2014). The use of Point to Point
Encryption could also have been done to avoid the security breach. P2P is an encryption
method in which the card details are encrypted during the swipe of the card. The duplication
of the data is not possible with the involvement of this method as the data is always encrypted
until it reaches the memory.
Windows XP Embedded SP3 was the operating system that was installed on the POS devices.
There were security vulnerabilities that were present on the operating system that was
exploited by the attackers to give shape to the security attack. The organization must have
made sure that they upgraded their software packages and systems at regular intervals. The
updating of the operating systems and software packages would have made the system secure
and efficient enough to prevent the security breach (Seals, 2014).
There were issues of network segregation that could have been avoided with the use and
installation of advanced network security controls. The use of virtual private networks would
have made sure that the network security was enhanced. The use of multi-fold authentication
and advanced access control must have been done as well to control the third-party access.
5
The Home Depot Data Breach
Conclusion – Lessons Learned
The advancements in technology are providing various benefits to the users; however, the
malevolent entities are finding the ways to cause damage to information and data sets being
used in the technological applications and tools. The chip and pin cards may be able to
provide resolution to the existing security threats. However, these cards may not be secure
enough for the attack mechanisms developed by the attackers in the future. It is therefore
necessary that the systems are regularly upgraded and there is always research carried out to
implement newer and advanced security controls. The use of advanced encryption
techniques, such as P2P and multi-path encryption shall be done so that the timely detection
and prevention of the security attacks and breaches is made possible. The use of pro-active
approach amalgamated with the technical & logical controls will lead to the avoidance of the
attacks.
6
Conclusion – Lessons Learned
The advancements in technology are providing various benefits to the users; however, the
malevolent entities are finding the ways to cause damage to information and data sets being
used in the technological applications and tools. The chip and pin cards may be able to
provide resolution to the existing security threats. However, these cards may not be secure
enough for the attack mechanisms developed by the attackers in the future. It is therefore
necessary that the systems are regularly upgraded and there is always research carried out to
implement newer and advanced security controls. The use of advanced encryption
techniques, such as P2P and multi-path encryption shall be done so that the timely detection
and prevention of the security attacks and breaches is made possible. The use of pro-active
approach amalgamated with the technical & logical controls will lead to the avoidance of the
attacks.
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
The Home Depot Data Breach
References
Abbruzzese, J. (2014). The Truth About Home Depot's Security Breach: Hacking Was Easy.
Retrieved from https://mashable.com/2014/09/10/home-depot-breach-hacking/
Cnbc. (2014). Check your statements: Home Depot confirms breach. Retrieved from
https://www.cnbc.com/2014/09/08/home-depot-confirms-data-breach.html
Hawkins, B. (2015). Case Study: The Home Depot Data Breach. Retrieved from
https://www.sans.org/reading-room/whitepapers/casestudies/paper/36367
Ragan, S. (2014). What you need to know about the Home Depot data breach. Retrieved from
https://www.csoonline.com/article/2604320/data-protection/what-you-need-to-know-
about-the-home-depot-data-breach.html
Samad, J. (2014). With 56 Million Cards Compromised, Home Depot's Breach Is Bigger
Than Target's. Retrieved from
https://www.forbes.com/sites/katevinton/2014/09/18/with-56-million-cards-
compromised-home-depots-breach-is-bigger-than-targets/#1e80aee33e74
Seals, T. (2014). Home Depot: Massive Breach Happened Via Third-Party Vendor
Credentials. Retrieved from https://www.infosecurity-magazine.com/news/home-
depot-breach-third-party/
Winter, M. (2014). Home Depot hackers used vendor log-on to steal data, e-mails. Retrieved
from https://www.usatoday.com/story/money/business/2014/11/06/home-depot-
hackers-stolen-data/18613167/
7
References
Abbruzzese, J. (2014). The Truth About Home Depot's Security Breach: Hacking Was Easy.
Retrieved from https://mashable.com/2014/09/10/home-depot-breach-hacking/
Cnbc. (2014). Check your statements: Home Depot confirms breach. Retrieved from
https://www.cnbc.com/2014/09/08/home-depot-confirms-data-breach.html
Hawkins, B. (2015). Case Study: The Home Depot Data Breach. Retrieved from
https://www.sans.org/reading-room/whitepapers/casestudies/paper/36367
Ragan, S. (2014). What you need to know about the Home Depot data breach. Retrieved from
https://www.csoonline.com/article/2604320/data-protection/what-you-need-to-know-
about-the-home-depot-data-breach.html
Samad, J. (2014). With 56 Million Cards Compromised, Home Depot's Breach Is Bigger
Than Target's. Retrieved from
https://www.forbes.com/sites/katevinton/2014/09/18/with-56-million-cards-
compromised-home-depots-breach-is-bigger-than-targets/#1e80aee33e74
Seals, T. (2014). Home Depot: Massive Breach Happened Via Third-Party Vendor
Credentials. Retrieved from https://www.infosecurity-magazine.com/news/home-
depot-breach-third-party/
Winter, M. (2014). Home Depot hackers used vendor log-on to steal data, e-mails. Retrieved
from https://www.usatoday.com/story/money/business/2014/11/06/home-depot-
hackers-stolen-data/18613167/
7
1 out of 8
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.