Home Depot Scrambling to Investigate Alleged Hack

When should Home Depot have disclosed a possible hack? There are varying opinions among regulators, lawyers & managers about when to disclose a data breach.

5 September 2014


Iconic retailer Home Depot is trying to determine if hackers have penetrated its network and stolen any customer data.

In a statement earlier this week, Home Depot acknowledged it was investigating a possible data breach. As of Friday, the company hadn’t confirmed if a successful hack had actually occurred. However, cybersecurity expert Brian Krebs wrote on Wednesday that the breach might have touched almost all of Home Depot’s stores.

Although it’s uncertain if the hack occurred, the unwanted media attention is certainly not doing Home Depot any good. Some articles claim that this could turn out be the largest credit card and debit card related hack in the United States — even topping that of Target, which lost 40 million card numbers.

The Hack Disclosure Debate

On Thursday, Home Depot’s CEO Frank Blake only confirmed that an investigation was ongoing, as an Associated Press story notes. While addressing investors at the Goldman Sachs Global Retailing Conference, Blake talked about the dilemma for a company facing a suspected hack. The managers can choose either to hold off announcing anything, or "communicate the facts as you know them,” Blake said. "We chose the latter path.”

In a prior blog, we discussed the wide variety of opinions among lawyers, regulators, and managers about what to disclose after a network penetration. Currently, the Securities and Exchange Commission is asking for cyber-assault victims to be more forthcoming about data breaches with their investors and customers. There may come a time when the rules about disclosure are more strict.

Time for Hardened Security is Now

It’s unfortunate that companies have to make a choice between disclosing a breach or not. A better debate is how to make enterprise security too strong to hack. However, Blake did say that by 2015, Home Depot will be activating chip-enabled checkout terminals in all of its locations to beef up card protection.

"Cybersecurity is a major issue," Blake said. Indeed it is. Recently, hackers penetrated the networks of multiple high profile organizations, including restaurant chain P.F. Chang’s, grocer Supervalu Inc., and even that of nonprofit Goodwill Industries.

It’s unfortunate to see some of the biggest and most recognizable companies remain so vulnerable. This hacking trend touches millions of consumers and citizens. One might hope that the businesses we trust would take better care of private data. It’s time to start.