Massive Home Depot cyber breach happened months ago & company only found about it now

Home Depot is the latest in a string of U.S. retailers to be broadsided by a brutal hack attack.

But while news of the hack has only surfaced today, the initial breach may have occurred in the spring. The likely culprits are the usual suspects: Eastern European hackers from Ukraine or Russia, according to the lead of the malware intelligence team Adam Kujawa of Malwarebytes.

Kujawa told VentureBeat there is a strong suspicion the perpetrators were linked to the same group responsible for inserting Trojan malware into Point of Sale machines at U.S. retailer Target in December, where over 70 million customers saw their credit cards hit with more than $100 million in fraudulent charges.

The enormity of that breach cost the Target CEO at the time, Gregg Steinhafel, his job.

Incredibly, this newly discovered breach, which is thought to have put millions of Home Depot customers’ credit card data at risk, happened earlier this year. It wasn’t until American and European banks noticed that millions of credit cards appeared on cyber criminal websites like Rescator.cc for sale, which were then traced back to Home Depot, that the colossal hit was uncovered.

Customers at Home Depot’s 2,200 American outlets have been affected, various media reports stated.

Paula Drake, a Home Depot spokeswoman, released a statement to VentureBeat late Tuesday:

“At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate.  Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers.  If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further. We will provide further information as soon as possible.”

Drake declined to answer further questions.

Kujawa said Rescator.cc is a known cyber criminal marketplace that traffics in stolen credit cards, boosted PayPal logins, Botnets, drugs, computer ransoms, and even murder-for-hire schemes, among other nefarious offerings, according to Kujawa.

As for the Russian connection, it is, for now, mere speculation, according to Kujawa.

“You can definitely speculate this is related to the POS Target malware breach. It was the banks themselves that discovered the cards for sale and then traced them back to Home Depot,” he said.

The astonishing breach may be the result of intensifying hostilities between Russia and the West that crystalized when the Russian military encircled Ukraine and began arming separatist fighters battling the Crimean government earlier this year. The U.S. and European governments recently initiated a series of hard-hitting sanctions on Russian banks and companies.

Kujawa said it’s possible the Russian government was involved — or at least deliberately disregarded the scam possibly originating from its territory. The U.S. has long suspected that Russia, under autocratic leader Vladimir Putin, is behind cyber breach attacks against Western companies and governments. Putin has long denied it.

“You never really know. The Russian’s have a long history of looking the other way or turning a blind eye to this kind of stuff after getting their cut. It’s very possible the attack was either inspired or orchestrated by Russia,” Kujawa said.

If the attack happened months ago, and Home Depot is only finding out about it now, the company could be in big trouble. At least CEO Frank Blake could see his job on the line. Instead of getting in front of it, apparently, Home Depot is taking the ostrich head-in-the-sand approach.