Shelly Banjo of the Wall Street Journal breaks down the latest report on the Home Depot security breach from April. Not only were 56 million credit cards compromised, but 53 million email addresses were taken as well.
Banjo discusses the the details of the hack and the criticism levied against Home Depot: that it acted too slowly, failed to segment parts of its data systems from outside vendors and that it focused too much on known threats rather than novel security breaches.
Once inside Home Depot’s systems after gaining credentials from the outside vendor, the hackers were able to jump the barriers between a peripheral third-party vendor system and the company’s more secure main computer network by exploiting a vulnerability in Microsoft Corp. ’s Windows operating system, the people briefed on the investigation said.
Microsoft issued a patch after the breach began, and Home Depot installed it, but the fix came too late, the people added. Afforded such access, the hackers were able to move throughout Home Depot’s systems and over to the company’s point-of-sale systems as if they were Home Depot employees with high-level permissions, the people said.