Home Depot Finally Tells 58M About Identity Protection Offer
Things looked bad when do-it-yourself chain Home Depot had to investigate a significant data breach at the beginning of September. At the time, no one realized just how extensive the problem would become.
And then last week Home Depot said that data thieves grabbed information on 56 million debit and credit cards starting in April 2014, as the New York Times reported. The company has announced that it will provide free identity protection to anyone who used a credit or debit card to shop there between April and September, according to the New York Post. But that's protection they could have had since September 8, if only someone had told them.
The breach of payment card data is the largest the world has seen, outstripping last year's Target breach of 40 million cards, according to Bloomberg Businessweek. Although the amount of additional fraud the company saw up to March 2014 was only 0.1 percent more than usual, the affects for consumers can take months or longer to become visible.
Home Depot announced that it would provide free identity protection through September 8, 2015. However, even though it had started the offer early in September, it reportedly didn't email customers to tell them until Friday, September 19, as the tech news site Mashable reported. In other words, many customers who could have asked for the protection for the last few weeks might not have known it existed.
The protection, provided through AllClear ID, includes identity repair assistance. Consumers can also sign up for additional free credit monitoring and an identity theft insurance policy.
Signing up for the additional services would be a wise move for people who had shopped at a Home Depot in the April to September timeframe. Not only can significant time elapse between a data breach and fraudulent use of information, but additional time can elapse between identity theft and reports to credit agencies that can indicate something is amiss.
If you shopped at Home Depot, examine each month's credit or debit card statements. If you see charges you don't recognize, immediately contact the financial institution. Timely reporting can offer significant legal rights under U.S. laws that limit the amount of personal exposure you see. Unfortunately, debit cards don't always enjoy the same types of protection, although some banks extend the same provisions to them.
Even if thieves don't use the credit card specifically, the information sometimes can help them establish new credit accounts in the victims' names. Carefully watching existing credit card statements wouldn't reveal that type of fraud. People who don't periodically review their credit information might not learn about a problem until they hear from collection agencies.
Home Depot says that it has already fixed the breach and will provide better encryption of card data. But according to the New York Times, security experts had warned the company for years that hackers might be able to easily break into their systems.
A report from KrebsonSecurity, a well-known blog devoted to computer security issues that initially broke the Home Depot story, about 1,700 of roughly 2,200 U.S. Home Depot locations and 112 stores in Canada were affected. The one bit of good news: The attacks may have been concentrated on self-service kiosks, although the investigation is still underway.