case-study-home-depot-data-breach-36367 - Interested in...

Info icon This preview shows pages 1–4. Sign up to view the full content.

View Full Document Right Arrow Icon
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Case Study: The Home Depot Data Breach The theft of payment card information has become a common issue in today's society. Even after the lessons learned from the Target data breach, Home Depot's Point of Sale systems were compromised by similar exploitation methods. The use of stolen third-party vendor credentials and RAM scraping malware were instrumental in the success of both data breaches. Home Depot has taken multiple steps to recover from its data breach, one of them being to enable the use of EMV Chip-and-PIN payment cards. Is the use of EMV paymen... Copyright SANS Institute Author Retains Full Rights AD
Image of page 1

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Case Study: The Home Depot Data Breach | 1 Brett Hawkins, [email protected] Case Study: The Home Depot Data Breach GIAC (GSEC) Gold Certification Author: Brett Hawkins, [email protected] Advisor: Christopher Walker Accepted: January 2015 Abstract The theft of payment card information has become a common issue in today’s society. Even after the lessons learned from the Target data breach, Home Depot’s Point of Sale systems were compromised by similar exploitation methods. The use of stolen third-party vendor credentials and RAM scraping malware were instrumental in the success of both data breaches. Home Depot has taken multiple steps to recover from its data breach, one of them being to enable the use of EMV Chip-and-PIN payment cards. Is the use of EMV payment cards necessary? If P2P (Point- to-Point) encryption is used, the only method available to steal payment card data is the installation of a payment card skimmer. RAM scraping malware grabbed the payment card data in the Home Depot breach, not payment card skimmers. However, the malware would have never been installed on the systems if the attackers did not possess third-party vendor credentials and if the payment network was segregated properly from the rest of the Home Depot network. The implementation of P2P encryption and proper network segregation would have prevented the Home Depot data breach.
Image of page 2
Case Study: The Home Depot Data Breach | 2 Brett Hawkins, [email protected] 1. Introduction On September 8 th , 2014, Home Depot released a statement indicating that its payment card systems were breached. They explained that the investigation started on September 2 nd and they were still trying to discover the actual scope and impact of the breach. Home Depot explained that they would be offering free credit services to affected customers who used their payment card as early as April of 2014 and apologized for the data breach. They also indicated that their Incident Response Team was following its Incident Response plan to contain and eradicate the damage and was working with security firms for the investigation ("The Home Depot, Inc. - News Release," 2014). This
Image of page 3

Info icon This preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 4
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

0/0 PREVIEWS LEFT
Sign up to access 24/7 study resources for your classes

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern