Skip to content
Subscriber Only

Former Home Depot Managers Depict 'C-Level' Security Before the Hack

Checking out at Home Depot
Checking out at Home DepotPhotograph by Patrick T. Fallon/Bloomberg

Home Depot’s in-store payment system wasn’t set up to encrypt customers’ credit- and debit-card data, a gap in its defenses that gave potential hackers a wider window to exploit, according to interviews with former members of the retailer’s security team.

It’s unclear whether that vulnerability contributed to the hack that Home Depot announced on Sept. 8. Yet five former staffers describe a work environment in which employee turnover, outdated software, and a stated preference for “C-level security” (as opposed to A-level or B-level) hampered the team’s effectiveness. The former workers, including three managers, asked that their names not be used because they fear retribution from their former employer; some now work for companies that perform security functions for Home Depot.