If news of the massive data breach affecting Home Depot sounds all too familiar, it might be — more than we know. According to a new report, the malware that cracked Home Depot’s system is the same — or a variant of — the one that affected Target. The malware pinches data when a card is swiped at a point-of-sale terminal in stores.
Called BlackPOS, the malware is what gave black-hat hackers all that Target customer data that found the retailer reeling and in defense mode. According to Krebs Security, those close to the investigation are saying it’s a variant of that same malware, believed to be little more than a modified strain of the virus to thwart detection.
Not only could this be the same (or similar) software, it’s also believed the same group responsible for the Target information takedown, and could be just as severe. According to Fortune, Home Depot and Target have similar annual revenue. NRF has them both ranked in the top five for US retailers; Target at the four spot, Home Depot just behind them at number five.
Card numbers and info from the Home Depot hack are already being sold, according to Krebs. They’re even being hocked on the same black market site the Target card numbers were being distributed on. Like the Target breach, the numbers seem to be trickling out in batches, and should come over the next several months.
Home Depot has yet to officially confirm a breach, as they’re likely trying to gauge the scope of what is happening, and how to best move forward. If you’ve recently shopped at Home Depot (especially if you’re a small business or contractor), it may be best to check your card statements for suspicious activity.