Bloomberg Anywhere Remote Login Bloomberg Terminal Demo Request


Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.


Financial Products

Enterprise Products


Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000


Industry Products

Media Services

Follow Us

Bloomberg Customers


Home Depot's Suspected Breach Looks Just Like the Target Hack

Home Depot's Suspected Breach Looks Just Like the Target Hack

Photograph by David Paul Morris/Bloomberg

This is all sounding horribly familiar. Brian Krebs, a prominent cybersecurity blogger, reported on Tuesday that Home Depot had likely been hacked based on a “massive” batch of stolen credit and debit card data appearing for sale online. Krebs, if you remember, also broke the news that Target had suffered a breach last December.

The data in question are being sold on the same site,, that hawked Target’s stolen data, Krebs said, indicating that it may be the same group behind both breaches. The names of the batches currently for sale—“American Sanctions” and “European Sanctions”—spurred Krebs to speculate that this hack is intended as retribution for penalties imposed on Russia in reaction to its actions in Ukraine. The intrusion into Home Depot may date as far back as late April, suggesting the breach could be larger than Target’s.

Home Depot confirmed that it was looking into unusual activity and would make sure customers were notified if the company identified a breach, according to Bloomberg News.

Now comes the gold rush. Daniel Ingevaldson, chief technology officer at Easy Solutions, which provides anti-fraud services to banks, says stolen card data that went up today on Rescator are commanding prices of $50 to $100 each. The website, known for its ease of use, has become the clearinghouse for the largest breaches, selling hundreds of thousands of cards at a time. But it’s been in and out of service, according to Ingevaldson, which may be a sign of extremely high demand for the data. Cybercriminals want to get them while they’re fresh, before banks have defenses in place for the breach, and their enthusiasm might be overwhelming Rescator like shoppers on Black Friday. It’s also possible that rival cybercriminals are attacking the website, he says, forcing it offline to stall sales.

Although it all sounds sadly familiar, banks and companies have learned from the steady drumbeat of breach reports over the past year. The window of opportunity to profit from stolen card data has definitely shrunk, Ingevaldson says, and more banks have been monitoring the black market themselves—mimicking Krebs and others—to get an earlier warning when card data have been stolen.

Lawrence is a reporter for Bloomberg News in New York.

blog comments powered by Disqus