Attorney General George Jepsen said yesterday his office, along with the attorneys general of California and Illinois, will lead a multi-state investigation into a major credit and debit card cyber attack at Home Depot stores. Branford and New Haven residents typically shop at Home Depot stores in East Haven and North Haven.
There are 28 Home Depot stores in Connecticut and 2,200 stores in the United States. Canada has 180 stores. There is no evidence the breach hit online customers. It is believed to have taken place in April or May but has just come to light. It may well prove bigger than the 40 million card numbers stolen from customers’ credit cards at Target stores last year.
“My office, in coordination with the attorneys general in California and Illinois, is leading a multi-state investigation into the breach at Home Depot,” Jepsen said in a statement to the Eagle yesterday. Home Depot acknowledged the cyber-attack Monday.
“Our investigation is in the early stages, and I would encourage Home Depot customers to check their credit card and bank statements and immediately contact their financial institution if they notice any unauthorized charges or suspicious activity. As a general rule, consumers should regularly change passwords and PIN numbers, if they can, and use passwords that are difficult to guess,” he added.
On its website yesterday, the Home Depot Company issued a statement, saying, “We apologize for the frustration and anxiety this causes our customers.”
The company told those customers whose credit or debit accounts may have been hacked that they will not be responsible for “any fraudulent charges to your accounts, and we’re offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on.”
The statement told its Home Depot customers that they could learn more about the identity protection services and how to sign up for them by going to: https://homedepot.allclearid.com/.
Krebs on Security, a well-known security blog, first disclosed the breach about a week ago. The blog said yesterday that multiple financial institutions contacted by this publication are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer (debit) accounts.” Click here to read Krebs on Security.
New York & Iowa May Join CT Inquiry
The attorneys general for the states of New York and Iowa may also be joining the Connecticut-California-Illinois inquiry. A joint inquiry means the states may move more quickly, assigning investigative staffs to specific areas. A multi-state inquiry also avoids duplication of efforts.
The joint state investigation was disclosed Tuesday, a day after Home Depot confirmed suspicions that its systems may have been breached.
Some analysts have speculated that the size of the Home Depot breach could rival or exceed that of last year’s unprecedented cyber-attack on Target Corp. That attack led to the theft of some 40 million payment card numbers and another 70 million customer records.
Jepsen’s office has had initial contact with the company. His office has not disclosed any further information about the nature of his requests.
###
Am I correct that this problem applies only to Home Depot cards and not to other VISA or Mastercards which may have been used at a Home Depot store?