Home Depot’s recent data breach became the largest retail breach in history. From April to September 2014, 56 million credit and debit cards in the U.S. and Canada were compromised by hackers using malware. On September 2, Home Depot announced that the malware had been removed and hackers had been blocked from accessing the store’s data. The retail giant then released new encryption technology to all U.S. stores on September 15, and said the technology would reach all Canadian stores in early 2015.
The store’s corporate team recently issued a statement which emphasized “customers would not be liable for any fraudulent charges,” and that they are “offering free identity protection services, including credit monitoring, to any customer who has shopped at a Home Depot store in 2014, from April on.” The store then released an image containing “keys to customer protection.” See Home Depot’s full statement here.
Home Depot has faced criticism from numerous angles since the reports of this incident broke. It is said by multiple financial institutions that data was being stolen from stores up until September 7, a full five days after the store announced the malware had been removed and hackers were blocked from their system. Former employees also claimed the retailer was “slow to raise its defenses” when it came to protecting customer data. Another said that they urged friends to use cash, rather than credit cards, when shopping at Home Depot locations.
Though Home Depot was quick to react and make a statement following its largest retail breach in history, they provided inaccurate information. Though this may have been unintentional, it is always crucial to tell your story when all the facts are accounted for. Making a premature statement will leave question marks as further information is gathered and revealed. From a leadership standpoint, Home Depot needs to relay their previous cyber security efforts to the public, assuring them that they had not been openly at risk and that this was an anomaly and ultimately an isolated incident. If those efforts are nonexistent, then the store was ill-prepared and deserves the criticism and reputational damage it is facing. If you don’t tell your story, someone else will. And when someone else tells your story, it certainly won’t be the story you want told.
For more information regarding data breaches, do not hesitate to call the Fallston Group at 410.420.2001 or by email at info@fallstongroup.com.
