Cyber Incident Victim: The Home Depot

Date: Sep 2014

Location: United States of America

Summary

The Home Depot investigated a potential breach involving credit and debit card data across all US stores, following reports of unusual activity potentially linked to the same group responsible for prior retail attacks on companies like Target. The incident shared characteristics with malware campaigns such as Backoff, which exploited remote-desktop software to infiltrate payment systems. Stolen data files labeled with sanctions-related terms suggested geopolitical motivations tied to tensions involving Russia and Ukraine. The company collaborated with law enforcement and banking partners to assess the compromise while emphasizing customer data protection.

Description

In September 2014, Home Depot initiated an investigation into a potential breach of customer credit and debit card data following reports by security researcher Brian Krebs. Krebs first disclosed the suspected breach on September 2, noting that it might affect all 2,200 U.S. Home Depot stores and that it exhibited similarities to previous attacks on Target, Sally Beauty, and P.F. Chang's. Home Depot spokesperson Paula Drake confirmed the company was examining "unusual activity" in collaboration with banking partners and law enforcement but had not yet verified a breach. The company emphasized its commitment to protecting customer information and pledged to notify customers if evidence confirmed the compromise. This incident occurred amid a surge in retail breaches throughout 2014, including Target's high-profile 2013 breach involving 40 million payment cards and 70 million customer records, followed by attacks on Neiman Marcus, P.F. Chang's, and healthcare provider Community Health Systems.

The U.S. Secret Service and U.S. Computer Emergency Readiness Team (CERT) had issued warnings in July and August 2014 about the "Backoff" malware, which compromised over 1,000 retailers by exploiting remote-desktop software used for system maintenance. While Home Depot's investigation was ongoing, Krebs identified online sales of stolen credit card files labeled "American Sanctions" and "EU Sanctions," suggesting attackers might have been motivated by Western economic sanctions against Russia related to its actions in Ukraine. This geopolitical link paralleled contemporaneous investigations into the JPMorgan breach, which authorities also suspected had ties to the Russia-Ukraine conflict. Home Depot's response remained focused on verifying the breach's existence and scope while coordinating with financial institutions and law enforcement to mitigate potential impacts.
