The firm said it is offering customers credit monitoring services and is improving its in-store security and encryption and adopting the chip and Pin system.
The Home Depot report was compiled with help from law enforcement and third-party security companies, and reveals that access to the company's network was enabled by a stolen password and username that related to a third party.
Once the criminals were in the system they were able to elevate their rights and deploy "custom-built malware" on the self-checkout tills in stores across the US.
The firm suggested that the attack on its system was a bespoke one, and that the security gap has been closed off. Home Depot customers are advised to be on guard against phishing attacks.
"As previously disclosed, the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot's security partners," the retailer said.
"The hackers' method of entry has been closed off and the malware has been eliminated from the company's systems."
Home Depot said that it is still investigating the incident, which is one of the largest on record. No one has been arrested or charged to date.
The attack is one of many carried out in the past year, including one on Target that led to the departure of its CEO.
No comments:
Post a Comment