Home Depot Admits Hack, Faces Federal and State Scrutiny
Bloomberg said that the SEC was investigating many breaches. The Home Depot hack shows how official (and public) attitude about data security is hardening.
11 September 2014
Underscoring the gravity of data breaches involving consumer data, Home Depot’s recently disclosed network hack has already prompted official inquiries, and even a customer lawsuit.
Word leaked last week that hackers had penetrated the retailer’s card payment systems. Home Depot first suspected it had been victimized on Sept. 2, after it received alerts from banks and police. Some experts suggested that Home Depot might have lost data on more than 40 million debit and credit cards.
This past Monday, following a hasty investigation, Home Depot confirmed the breach. Without offering much detail, the company stated the event could impact U.S and Canadian store customers. In the meantime, its internal information technology and security team continues to review the breach. Home Depot is also cooperating with third-party IT security firms, banking partners, and the Secret Service.
Despite Home Depot’s assurances, five states and two U.S. senators want to launch official inquiries, says Reuters. In fact, a spokeswoman for Connecticut Attorney General George Jepsen said there was a multi-state probe underway. (Other states involved include California, Illinois, New York and Iowa.) And U.S. senators Edward Markey of Massachusetts and Richard Blumenthal of Connecticut have asked for an investigation from the Federal Trade Commission.
"If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information," stated the senators. "Such conduct is potentially unfair and deceptive, and therefore could violate the FTC Act."
A Need for Data Security
In July, Bloomberg divulged that the Securities and Exchange Commission was investigating multiple hacked companies. The SEC wanted to know if the firms had adequately guarded their data — but also, if they had informed their investors about the extent of the hacks.
The case of Home Depot hack demonstrates how the official (and possibly public) attitude about network security is hardening. The demand is growing for businesses to protect the consumer data entrusted to them. The debate in the boardroom centers too much on what to do after the penetration — let’s move the discussion to what we can do to prevent the breach in the first place.