Home Depot Finally Confirms Security Breach

After investigating a possible security breach since September 2, Home Depot has confirmed what could be the largest breach yet. While Target's recent incident affected 40 million customers, Home Depot's could approach 60 million.

The company has communicated with customers:

  • "Message to our customers" on the website home page links to a statement in which Home Depot apologizes, tells us that which purchases were affected, and offers help.
  • In an FAQ, the company tries to reassure customers and tells us about the investigation process and how we can find help.

 Home Depot Breach
New York Times blog post quoted an Internet security expert: "Honestly, Home Depot is in trouble here." Eric Cowperthwaite was highly critical of the company: "This is not how you handle a significant security breach, nor will it provide any sort of confidence that Home Depot can solve the problem going forward."

I'm a little worried: I've shopped at Home Depot recently. I registered for the free AllClear protection and received this email.

Discussion Starters:

  • Read Home Depot's statement and FAQs. What inspires confidence, and what makes you worry?
  • The breach was discovered and reported from a third party, and it took Home Depot a week to confirm the breach. Should the management team address this in its communications somehow?
  • Assess the email I received from Home Depot. Do you find it confusing?