IT Security Stories to Watch: Did Home Depot Ignore Red Flags?

Another week, another update in The Home Depot (HD) data breach saga. Several former Home Depot employees last week told The New York Times they believed the home improvement retailer “was slow to raise its defenses,” despite numerous cybersecurity red flags dating back to 2008.

How many Home Depot customers may have been affected by the data breach? And what can managed service providers (MSPs) learn from it? Find out in this week’s IT security stories to watch:

1. Home Depot’s data breach is bigger than Target’s

Several cybersecurity experts are calling Home Depot’s data breach “the biggest hack in the history of American retail” after Home Depot officials said 56 million customer credit cards and pin numbers were stolen.

“Looks like [hackers] got more credit card numbers from Home Depot than they did at Target,” cyberwarfare expert Robert Twitchell told VentureBeat.

The Home Depot data breach reportedly began in April and went undetected for five months.

BGR points out one anonymous cybersecurity expert estimated the 56 million stolen credit cards could generate $3 billion in illegal purchases.

2. Are financial and healthcare organizations’ sensitive data secure?

Antivirus software provider Kaspersky Lab found financial services and healthcare are the two business sectors most likely to see security concerns as a barrier to implementing IT virtualization technology.

A new Kaspersky survey of 3,900 IT professionals revealed 50 percent of financial services respondents agreed security concerns were hindering their adoption of virtualization technologies, followed by 49 percent of healthcare industry respondents.

Kaspersky noted both financial services and healthcare companies prioritize security more than businesses in other sectors due to the “huge amounts of highly sensitive user data” they manage.

“Conventional wisdom would suggest that security concerns toward new technologies might resonate strongly in financial services and healthcare, since both sectors manage huge amounts of highly sensitive user data,” Kaspersky said in a prepared statement. “Moreover, both these sectors are bound by strict compliance laws governing the protection and access of their corporate data.”

3. Google DoubleClick’s ad servers exposed to malware

Internet security software provider Malwarebytes reportedly discovered a malvertising campaign that involved Google (GOOG) online advertising technology company DoubleClick.

The Verge said a Google representative has confirmed DoubleClick was breached, and Malwarebytes has offered several recommendations to help customers deal with the cybersecurity issue.

“We rarely see attacks on a large scale like this, so we highly recommend that people keep their systems up-to date with current antivirus and anti-malware protection,” Malwarebytes wrote in a blog post.

4. Hackers attack Viator

Viator, a TripAdvisor company that specializes in tours and activities, has informed 1.4 million customers that a data breach affecting its websites and mobile offerings may have compromised customers’ credit and debit card numbers, email addresses and other personal information.

“We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems,” Viator told Skift.

Viator added “responding properly to the incident” is its top priority and is offering free identity protection and credit card monitoring services to its U.S. customers.

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].