Case Study: The Home Depot Data Breach

by Brett Hawkins
Sept. 1, 2017 2 comments SANS Institute Encryption & Authentication case studies

The theft of payment card information has become a common issue in today's society. Even after the lessons learned from the Target data breach, Home Depot's Point of Sale systems were compromised by similar exploitation methods. The use of stolen third-party vendor credentials and RAM scraping malware were instrumental in the success of both data breaches. Home Depot has taken multiple steps to recover from its data breach, one of them being to enable the use of EMV Chip-and-PIN payment cards. Is the use of EMV payment cards necessary? If P2P (Point-to-Point) encryption is used, the only method available to steal payment card data is the installation of a payment card skimmer. RAM scraping malware grabbed the payment card data in the Home Depot breach, not payment card skimmers. However, the malware would have never been installed on the systems if the attackers did not possess third-party vendor credentials and if the payment network was segregated properly from the rest of the Hom...

https://www.sans.org/reading-room/whitepapers/casestudies/case-study-home-depot-data-breach-36367

Avatar
negrii_irina88 4 months, 3 weeks ago

Darknet is popular among all over the world...I don't want to think that it could happen to me at some point

Reply
Avatar
Steven Ulm 5 months ago

Home Depot Data Breach was a interesting study. Should be part of cyber security classes. Maybe 102 (not 101) :)

Reply