Late last week, Home Depot, Inc. (NYSE: HD) reached out to nearly one in every six Americans with some unwelcome news.
In addition to the 56 million credit cards that were compromised in early September (the biggest credit card loss in U.S. retail history), 53 million email addresses were discovered to have been stolen by hackers located in Russia and Eastern Europe.
The breach, which began in April, went undetected for several months and has so far cost credit unions over $60 million in damages.
Home Depot has, to no surprise, been operating under heavy damage control. The company has offered its customers identity protection services, including a year of credit monitoring, and sent the following letter out last Thursday:
Dear Valued Customer,
The Home Depot has discovered that a file containing your email address may have been taken during the payment card breach we announced in September. The file contained email addresses, but it did not contain passwords, payment card information, or other sensitive personal information. We apologize for this incident and for the inconvenience and frustration this may cause you.
In all likelihood this event will not impact you, but we recommend that you be on alert for phony emails requesting personal or sensitive information. If you have any questions or would like additional information on how to protect yourself from email scams, please visit our website or call 1-800-HOMEDEPOT.
Again, we apologize for the frustration and inconvenience this incident may have caused. Thank you for your continued support.
Sincerely,
The Home Depot
For anyone who’s been affected, the letter seems relatively reassuring. The newly discovered breach only involved email addresses. No additional payment information has been stolen, and neither have any passwords.
Besides sending you an email asking for your password (a.k.a. phishing), there’s not much more these hackers can really do — according to Home Depot, at least.
Now, I’m not a programmer, so I’m not going to pretend I know how the nuances of this whole hacker business work, but I think it’s safe to assume that if you’re capable of stealing 56 million credit card numbers from a $130 billion company, you’re also capable of hacking into an individual email address.
And despite the fact that the recently reported breach did not contain payment information, this does not mean these hackers cannot connect the previously stolen payment information to the stolen email addresses.
The fact is, you probably have several emails sitting in your inbox right now that contain the last four digits of your credit card.
If you’ve ever ordered anything online, you’ve almost certainly received an email with text along the lines of “Payment confirmation for credit card ending in *********7753.” Once in your email, all a hacker needs to do is search his database of stolen payment information to find a card number with matching end-digits.
Once he does that, he can connect your full payment information not only with your name and email but also to where you typically shop online, your home address, and so forth.
In short, the more these hackers know about you, the easier it is to pretend to be you and to sneak by undetected.
The simple takeaway here is that if you’ve shopped at the Home Depot between April 2014 and September 2014, you should call your bank and get a replacement card immediately. A five-minute call is well worth protecting your credit.
We have you covered! Sign up for Tech Investing Daily’s FREE newsletter, Wealth Daily, today and gain first access to actionable stock market commentary, regular IPO updates, and weekly technical analysis. Plus, if you sign up right now, we’ll immediately send you our free report: “The Five Most Disruptive Trends In Tech.”
Scapegoating and Finger Pointing
In an effort to shift blame away from itself as much as possible, Home Depot has now begun to imply Microsoft (NASDAQ: MSFT) is at fault for the data breach.
The company is pointing to a vulnerability in its point-of-sale Windows machines for the hack. Management has even begun purchasing Apple (NASDAQ: AAPL) iPhones and calling them “bat phones” to suggest that using Apple products will boost company security.
But in all reality, it was Home Depot’s outdated system at fault. The company was using a 15-year-old version of Windows (Windows XP) that had not been patched for quite some time. The general logic looks something like this:
- Implement poor data security
- Get hacked
- Blame Windows
You have to give Home Depot credit for the clever PR move, though. A decade ago, when Windows was holding the lion’s share of the computer market, hackers mostly ignored Apple as a target because its user base wasn’t large enough. This allowed Apple to come off as more secure and to develop a reputation of being generally virus-proof.
But as Apple began to penetrate the market, the widespread belief that its operating systems couldn’t be hacked was proven to be false. The company struggles with malware on a daily basis now because where there’s a will, there’s a way, and no computer system is completely secure.
Nonetheless, much of the general public still views Apple computers as safer than PCs, so using Windows as a scapegoat isn’t such a bad ploy coming from Home Depot.
Sure, switching to Apple isn’t going to magically fix the company’s security issues, but it will at least lessen the number of pitchforks waiting at its doorstep.
Internet Vigilantes
Looking back a year, we’ve seen more high-profile computer security breaches than ever before.
Target (NYSE: TGT) had 40 million credit cards stolen in late 2013. The “Heartbleed” security bug was revealed in April 2014. Hundreds of nude celebrity photos were leaked during Celebgate in August. Home Depot’s breach was revealed in September.
And adding to the list of retail credit card theft, Albertson’s, Michaels, Neiman Marcus, P.F. Chang’s, and SuperValu were all breached by hackers in 2014.
If you think you’re immune, you’re not; CNNMoney recently reported that half of American adults were hacked at some point this year. That’s right: half! We’ve reached a point where your chance of getting hacked is as good as the flip of a coin.
For most folks, that’s not a particularly comforting statistic to hear, but for investors, it spells nothing short of an opportunity. Wherever there’s a problem, there’s also a demand for a solution, and cybersecurity is an obvious answer to these recent problems.
Specifically, you’ll want to keep an eye out for cybersecurity firms in enterprise and point-of-sale markets. Sophisticated hackers aren’t comparable to street thugs looking to take one wallet at time — they’re much closer to Wild West train robbers after a big heist.
Some companies worth checking out include Fortinet Inc. (NASDAQ: FTNT), Check Point Software (NASDAQ: CHKP), and EMC Corporation (NYSE: EMC).
Valuations aside, the trio has performed very well over the last 12 months.
Until next time,
Jason Stutman
Check us out on YouTube!
