Data Security

Despite its size, Home Depot's data breach has been met with a big, fat yawn in many circles. Why? In September, Home Depot said that its payment systems had been breached, which may have impacted roughly 56 million cards, making it significantly larger than the Target breach, which impacted about 40 million cards. Already, card-issuing banks J.P. Morgan Chase and Capital One have announced that they will send out new credit cards to those potentially impacted by the breach. While the Home Depot story is certainly garnering attention, consumers seem to be less angry about it than the Target breach. 

"Hi, I'm planning to launch an e-commerce site for women's apparel. The price point for the merchandise is between $150 and $500. I know the hardest part is going to be getting the website discovered. Could you give some advice on how to do that?" 
- Dina Agam, Entrepreneur

Sheplers, a western-wear retailer, on Friday reported it had been victimized by a data breach in which customer credit card information was exposed to hackers. The company said the breach involved credit cards used at its stores between June 11 and Sept. 4. Sheplers said it doesn't believe the incident affected its online store. The company said it's working with law enforcement investigators, but "at the present time, we believe it's safe to use payment cards at Sheplers." According to the company, the customer information at risk includes names, account numbers for credit and debit cards, and card expiration dates.

Home Depot said Thursday that a data breach that lasted for months at its stores in the U.S. and Canada affected 56 million debit and credit cards, far more than a pre-Christmas 2013 attack on Target customers. The size of the theft at Home Depot trails only that of TJX Companies’ breach of 90 million records in 2007. Target's breach compromised 40 million credit and debit cards. Home Depot, the nation's largest home improvement retailer, said that the malware used in the data breach that took place between April and September has been eliminated. 

Home Depot has confirmed that its payment systems were hacked at its U.S. and Canada stores starting in April. Customers who paid with cards may have had their data compromised. The company says there's no evidence that pin numbers from debit cards were stolen. On Sept. 2, Home Depot said it was working with banks and law enforcement to investigate reports that its stores could have been the source of a new batch of credit and debit card numbers being sold on the black market. 

As the summer winds down, students head back to school and there's a predictable upward trend in e-commerce activity in a number of categories. Scholars and their families are flocking to university websites to select courses, register and make tuition payments, and they're heading in droves to retailers like Ikea, Best Buy and Target to buy important supplies, furniture, electronics, clothing and more for the coming academic year. The National Retail Federation's 2014 Back-to-School Survey predicts the average family with children in grades K-12 will spend $669.28 on apparel, shoes, supplies and electronics this back-to-school season, up 5 percent from 2013.

LVMH Moet Hennessy Louis Vuitton SA ended a longstanding dispute with Google, agreeing to work with the world's largest search engine to help prevent vendors from advertising counterfeit goods online. LVMH had accused Google of violating its trademark rights by selling protected words as keywords that then link users to websites selling counterfeit items when they search under the French company's brands. Google in 2010 allowed the practice, following a European Union court ruling, bringing the company's policy in Europe in line with company rules in about 190 countries. 

Just when you thought it was safe to start accepting credit cards again…
Home Depot confirmed yesterday that it’s investigating some “unusual activity” with regards to its customer data.

A payment card industry security consortium warned retailers on Wednesday of the urgency to secure their systems against "Backoff," a malicious software program that steals card numbers. Backoff "represents a very real threat to the security of cardholder data in all organizations," wrote the PCI Security Standards Council, an organization founded by MasterCard, Visa, American Express and other credit card companies. The U.S. Secret Service and Department of Homeland Security warned last week that 1,000 U.S. businesses may be infected by Backoff, which wasn't detected by most anti-virus security software until earlier this month. 

When eBay announced in May that it had become the latest high-profile company to suffer a large-scale data breach, several top state law enforcement officials were quick to issue statements expressing concern and pledging to conduct investigations. In the ensuing week, numerous states teamed up to launch a joint probe of eBay's breach and its broader security practices, according to an official at the Connecticut attorney general's office, which along with the AGs in Illinois and Florida is leading the investigation. Connecticut Assistant Attorney General Matt Fitzsimmons said that "a fair number" of states have joined the probe.