University Case Study: Home Depot Data Breach and Prevention

Verified

Added on 2023/06/03

AI Summary

This case study analyzes the 2014 Home Depot data breach, detailing the incident where hackers compromised the company's Point-of-Sale (POS) systems, leading to the theft of millions of credit card and email addresses. The study explores the breach's major causes, including vulnerabilities in POS terminals, lack of regular vulnerability checks, and insufficient network segregation. It then proposes alternative solutions like P2P encryption, network segregation, and improved third-party vendor credential management to prevent future breaches. The case highlights the importance of information security and the need for proactive measures to protect sensitive customer data, emphasizing the impact of the breach and the importance of implementing security measures.

Running Head: Case Study: The Home Depot Data Breach
Case Study: The Home Depot Data Breach
Name of the Student:
Name of the University:
Author Note:

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1Case Study: The Home Depot Data Breach
Synopsis/Executive Summary
Credit card information security breach have become a very common issue recently and may
retail companies as if the Home Depot Department are facing such problems every year.
However, with proper preventive security measures such incidents could have been avoided. In
the September of 2014, the Home Depot Department had faced such information breach and data
regarding millions of credit cards had been compromised. The company faced huge loss.
Investigation of this case has resurfaced major faults in the system of the company, which are the
reasons of this breach. The case study of this company is based on the problem and the
alternative solutions, which are best answers to this problem of the company.

2Case Study: The Home Depot Data Breach
Table of Contents
Introduction......................................................................................................................................3
Findings...........................................................................................................................................3
Discussion........................................................................................................................................4
Major reasons of the Breach........................................................................................................4
The alternative solutions to prevent such breach problems.........................................................4
Conclusion.......................................................................................................................................5

3Case Study: The Home Depot Data Breach
Introduction
The Home Depot Department identified a breach in their system on September 8th 2014,
which shows that the card payment process of the retail company is breached. They started an
investigation based on the reports from two days before of this incident to uncover the practical
chances and aftermath of this breach. They offered free credits for their customers who have
been using their payment cards since the month of April and issued an apology for this (Miller &
Angelis, 2018). The Incident Response Team of the company planned to contain and eliminate
the problem in collaboration with a reputed cyber security company. The study is about the case
study of the Home Depot Department breach and the precautions taken to fight back it and how
effected they are.
Findings
The hackers of this case were able to breach the Point-of-sales networks of the company
and stole the information of payment card data. The attackers successfully gained access to one
of the vendor site of Home Depot Department using third-person login credentials of that
website. After that, they exploited the website with zero-day vulnerability over the OS like
Windows, which provided them to dock on the fixed vendor pages of the company website
(Erskine, Camillo, Bajada & Holt, 2015). Once they have gained access to the Home Depot
Department network, the hackers have installed a memory scraping malware in the 7,500 self-
checkout counters of the POS terminals of the company website. This way, they were able to
access information about more than 56 million payment cards both credit and debit and nearly 53
million email addresses from the system. The stolen credit and debit cards were used for sale,

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4Case Study: The Home Depot Data Breach
which were bought by others. The information of the stolen email addresses were helpful for
organizing large groups for this sale.
Discussion
Major reasons of the Breach
There were several short comes identified by the investigating team which are the reasons
of this security breach. These were identified and rectified soon to minimize the effects of the
breach. The retail company did not have any secured structure of software and hardware for the
POS terminals. The company did no regular vulnerability check of the POS pages. On the other
hand, the company did not adopt any segregated company page and POS network in their
website. These were the reasons the administration of the company was not able to indent any
hacking in the first place and faced such situations.
The alternative solutions to prevent such breach problems
There many alternative solutions to these problems identified by the cyber security
providers, however there are three solutions, which are most relevant for such problems
(Manworren, Letwat & Daily, 2016). Implementing any of these will be effective to avoid any
breach in the system in future. The solutions are P2P encryption, network segregation and
management of third party vendor credentials. P2P encryption is the best solution to handle
memory-scraping malware. The system provides a tamper-resistive key for every transaction and
helps to avoid saving data in the memory of the system. Every time a card is used, a new key is
generated (Manion, 2015). The system is highly secured and provides proper protection against
credit card hacking. While on the other hand network segregation in a POS network helps to
keep the vendor pages segregated from the main retail page and provide a protection against

5Case Study: The Home Depot Data Breach
hacking via this way. Management of third party vendors is another important solution the
company can implement to avoid breaching. For the home Depot Department, the Point-To-Point
encryption method of security is the best solution to prevent breaching.
Conclusion
The company could have prevented such problems if they had understood the importance
of information security. An alarm rag when the Target was breached the previous year in the
same manor. This way information of millions of users had been saved besides the reputation of
the company. Besides the above mentioned security measure, the company must keep an eye
open for future security processes to ensure better security against data breaching in future.

6Case Study: The Home Depot Data Breach
References
Erskine, A., Camillo, A. A., Bajada, A. J., & Holt, S. (2015). The Home Depot: A Competitor’s
Strategic Audit, A Case Study. In Global Enterprise Management (pp. 171-189).
Palgrave Macmillan, New York.
Manion, R. F. (2015). Incentivizing the Protection of Personally Identifying Consumer Data
After the Home Depot Breach. Ind. LJ, 91, 143.
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data
breach. Business Horizons, 59(3), 257-266.
Miller, J. C., & Angelis, J. N. (2018, June). An Empirical Investigation of the Effects of
Individuality on Responses to Data Theft Crimes. In 2018 IEEE Technology and
Engineering Management Conference (TEMSCON) (pp. 1-6). IEEE.