Former employees of Home Depot said they voiced their criticism of the company's security vulnerabilities years before its massive data breach, but the company did not respond quickly enough, The New York Times reported. Sources close to the company said they began raising concerns in 2008. Fast forward to 2014, Home Depot confirmed a data breach affecting 56 million credit and debit cards swiped throughout the company's U.S. locations.
Companies like Home Depot may be lacking in both prevention and detection of cyber threats, the Times reported. Without these abilities, firms are vulnerable to attacks on their systems, which could result in data breaches.
Home Depot said the breach lasted between April and September, according to the company's latest statement on Sept. 18.
One of the procedures IT security experts suggest for data theft prevention is regular scans of systems with the latest technology. However, sources familiar with Home Depot's cybersecurity procedures said the company did not use up-to-date software to protect customer information, according to the Times.
"Scanning is the easiest part of compliance," said Avivah Litan, a cybersecurity analyst at research firm Gartner, according to the Times. "There are a lot of services that do this. They hardly cost any money. And they can be run cheaply from the cloud."
Future of Home Depot Security
The company removed the malware present on its systems and will improve its security through updating its encryption software starting in 2015. However, it appears the damage may have been done as millions of patrons may be vulnerable to identity theft and credit card fraud.
Of the 56 million payment records exposed in the Home Depot breach, more than 282,000 credit and debit card numbers stolen in Wisconsin stores were for sale on black markets online, Milwaukee Journal Sentinel reported.
"When they're 100 percent valid, that's an indicator that the merchant hasn't fixed the problem yet," Brian Krebs, cybersecurity reporter at KrebsOnSecurity, told the Journal Sentinel. "It's a live breach."
This development shows cybercriminals are hoping to profit off this stolen information by offering payment data for sale, which is similar to the aftermath of the Target breach when hackers packaged data to be sold on the black market.
Home Depot may begin to see the same consequences as Target after the data breach discovery, which could include drops in stocks and sales. With the rollout of the new encryption system, Home Depot may improve its data theft prevention, but the company's slow response to the breach shows more needs to be done to avert future financial disasters.