Home Depot Working With Symantec in Probe of Data Breach

By Matt Townsend

Home Depot Inc. (HD), the largest home-improvement chain, has enlisted Symantec Corp. (SYMC) and FishNet Security Inc. to help investigate a suspected data breach after learning of the possibility earlier this week.
Home Deport is working with the companies and other top information-security firms to review the situation, Paula Drake, a spokeswoman for the Atlanta-based retailer, said yesterday, without confirming that an intrusion has occurred.
“Our forensics and security teams have been working around the clock since we first became aware of a potential breach Tuesday morning,” she said in an e-mail.
Home Depot first announced that it was investigating the
incident on Sept. 2, saying it was working with banks and law enforcement to figure out what happened. The disclosure followed a report by KrebsOnSecurity that a “massive” batch of stolen credit- and debit-card information was posted for sale online, possibly obtained from Home Depot stores.
“There is no higher priority for us at this time than to rapidly gather the facts so that we can provide answers to our customers.” Drake said yesterday. “We know these types of incidents can cause frustration and concern and we apologize for that.”

Photographer: Patrick T. Fallon/Bloomberg

Home Depot Inc. first announced that it was investigating the suspected data breach... Read More

The probe follows a flurry of data-security failures. Last week, Bloomberg News reported that JPMorgan Chase & Co. and at least four other banks were targeted by hackers in a coordinated attack. Celebrities relying on Apple Inc.’s iCloud service to store photos also had nude pictures stolen and posted online in recent days. Over the past year, retail chains such as Target Corp. (TGT), Supervalu Inc. and Neiman Marcus Group Ltd. have all endured attacks.

Stock Decline

Home Depot shares fell 2.4 percent to $89 in New York yesterday, following a drop of more than 2 percent the previous day. The incident has also prompted credit-card issuers such as Citigroup Inc. to step up efforts to protect customers.
Kristen Batch, a spokeswoman for Mountain View, California-based Symantec, confirmed that the company was working with Home Depot. She declined to comment further. John Van Blaricum, vice president of marketing at Overland Park, Kansas-based FishNet Security, also declined to comment.
The suspected breach may have occurred in late April or early May and could encompass almost all of Home Depot’s roughly 2,200 U.S. stores, according to Brian Krebs, the founder of KrebsOnSecurity. That means it could be much larger than the Target incident, he said.
“The criminals are getting smarter faster than the companies,” said Jaime Katz, an analyst at Morningstar Inc. in Chicago. “If it is something on the scale of Target, there is obviously significant concern.”