Deja vu, all over again

In the Target data breach last year, the door was opened through a small refrigeration contractor that was running a non-commercial version of an antivirus product. From that foothold the attackers reached the credit card data, which was not adequately fenced off from the rest of the information on the network.

“Home Depot Hackers Stole Buyer Email Addresses,” Wall Street Journal, November 7, 2014, A1. The hackers stole a password from one of Home Depot’s contractors. Not only did they get credit card information, they also got 53 million customer email addresses. Apparently the lessons learned at Target had not yet been fully implemented, although Home Depot did manage to finish a lot of glossy manuals on how to avoid a hack in the months after Target. Once again a flaw in Microsoft’s Windows operating system was involved. And the payment terminals in the stores were labeled as such in the system, making them easier to find.

Big ships take a long time to turn around, but Home Depot could have been more nimble here. How long would it take your company to implement the necessary changes following the report of a breach at a similar company?

