In the Target data security breach last year, the door was opened by a small refrigeration contractor who was using a non-commercial version of an antivirus software. This allowed the hackers to reach the information on credit cards that was not adequately fenced off from the rest of the system’s information.
“Home Depot Hackers Stole Buyer Email Addresses,” Wall Street Journal, November 7, 2014 A1. Hackers stole a password from one of Home Depot’s contractors. Not only did the hackers get credit card information, they also got 53 million customer email addresses. Apparently, the lessons learned at Target hadn’t yet been fully implemented. But they managed to finish a lot of glossy manuals on how to avoid a hack, post-Target. Another instance of a flaw in Microsoft’s Windows Operating System. And the payment terminals in the stores were labeled as such in the system, making them easier to find.
Big ships take a long time to turn around, and Home Depot could have been more nimble here. How long would it take your company to implement the necessary changes following the report of a breach at a similar company?