http://arstechnica.com/security/2014/09/home-depot-ignored-security-warnings-for-years-employees-say/
By Sean Gallagher
Ars Technica
Sept 20 2014

Former information technology employees at Home Depot claim that the
retailer’s management had been warned for years that its retail systems
were vulnerable to attack, according to a report by the New York Times.
Resistance to advice on fixing systems reportedly led several members of
Home Depot’s computer security team to quit, and one who remained warned
friends to use cash when shopping at the retailer’s stores.

In 2012, Home Depot hired Ricky Joe Mitchell as its senior IT security
architect. Mitchell got the job after being fired from EnerVest Operating
in Charleston, South Carolina—and he sabotaged that company’s network in
an act of revenge, taking the company offline for 30 days. Mitchell
retained his position at Home Depot even after his indictment a year later
and remained in charge of Home Depot’s security until he pled guilty to
federal charges in January of 2014.

The Home Depot breach, which reportedly began in April of 2014 and went
undetected until earlier this month, exposed an estimated 56 million
credit card numbers. Home Depot spokesperson Stephen Holmes told the New
York Times that the company maintains “robust security systems.” Home
Depot officials have said that the malware used in the attack, BlackPOS,
had not been seen before and would have been difficult to detect with its
security scans.
[...]