The Home Depot hack: How, why and what we can learn

While the breach has now been fixed, the criminal investigation is ongoing and involves various law enforcement agents, the Secret Service, and a number of security firms.

What other retailers can learn from how Home Depot handled the attack:

One of the potential positive takeaways from the Home Depot hack is that it was discovered relatively quickly, after just five months, and just hours after the compromised credit card information was put up for sale online. While Target's high-profile breach was discovered after just a few weeks, by comparison the Heartbleed encryption bug operated undetected for more than two years, and the recently discovered Bash Bug (also known as Shellshock) is a programming flaw that's existed in system software that's been around since 1989.

Nevertheless, the company is already subject to class action lawsuits filed in both the US and Canada which allege that the retailer failed to protect personal information and did not warn consumers about the breach in a timely manner.

While the fact that Home Depot's cyber-attack continued undetected for more than five months is nothing for the company to be proud of, and while Home Depot itself didn't discover the hack but was alerted to it by outside parties, the way it reacted swiftly to address the hack shows that it's learned from the mistakes of previous organizations when dealing with a potential security breach. JP Morgan Chase, for example, waited months after discovering its website had been hacked to alert the half-million holders of the bank's compromised prepaid cash cards - leaving customers upset about the bank's lack of communication and action.

From the time the potential breach was discovered on the morning of September 2, according to Home Depot's timeline, the company waited just a few hours before alerting the public and opening an investigation. Once the breach was confirmed, Home Depot issued a press release and updated its website, giving customers information about the breach and what to do about it. Ten days later the breach was fixed. Home Depot was the subject of a massive cyber-attack, and its response, while not perfect, is something other companies will learn from moving forward.

The verdict:

The fact that the cyber-hackers used custom-designed malware to attack the Home Depot systems is a sign of the increasingly sophisticated techniques criminals are employing to sneak around standard security protocols. Companies can no longer afford to be satisfied with normal security features that have worked in the past. Additionally, companies cannot afford to wait until the existence of a previous or ongoing cyber-attack is revealed by someone outside the company - in Home Depot's case by journalist Brian Krebs.

As hackers become more and more creative, companies must ensure their data is protected with the most up-to-date security features available. If current trends continue, most companies won't need to plan for whether a cyber-attack will happen, but for what will happen when it does.