Cybersecurity

Home Depot Hacked After Months of Security Warnings

A breach at the home improvement retailer followed months of warnings

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Ben Elgin, Michael Riley, and Dune Lawrence

September 18, 2014 at 10:12 PM UTC

This article is for subscribers only.

This article is part of the September 22, 2014 issue of businessweek.

For a retailer with 2,266 stores and $79 billion in annual revenue, buying software to protect against hackers is a good idea. Using the software is a better one. In the year before cybercriminals penetrated payment systems of Home Depot stores in the U.S. and Canada, the retailer suffered at least two smaller hacks, according to internal company e-mails and reports. Afterward, Home Depot security contractors urged the company to strengthen its cyberdefenses by activating a key, unused feature of its security software that the internal documents say would have added a layer of protection to the retail terminals where customers swipe their cards.

Home Depot confirmed a breach on Sept. 8, almost a week after credit card data linked to its customers went up for sale on black-market website Rescator.cc.