Retailers' Customers Cautioned As Cyberattacks Continue
STEVE INSKEEP, HOST:
The latest big retailer to suffer a cyber attack is Home Depot. The big-box home repair store says some 56 million cardholders were possibly compromised in a cyberattack. It's the latest in a string of data breaches. And as NPR's Sonari Glinton reports, it is not likely to be the last.
SONARI GLINTON, BYLINE: Home Depot's data breach was first reported at the beginning of this month by Brian Krebs on his blog. He's the go-to guy for this kind of stuff, so he's going to help me explain how the Home Depot hack went down. It starts the moment you swipe your credit or debit card to complete a purchase.
BRIAN KREBS: There's this moment where the information gets transferred from the little terminal that you use to swipe your card - that is separate and apart from the cash register itself, which is essentially a Windows computer.
GLINTON: Krebs says the information, in this case, sits around for a leisurely fraction of a second or so. And then...
KREBS: And then it gets handed off to the cash register. And that's where the malware is designed to sit. That's where that malicious software lays and waits.
GLINTON: And before it gets encrypted and shipped to the bank and other destinations unknown, the hackers siphon off the valuable information. Home Depot said in a statement that there was no evidence that debit pin numbers were compromised or that the breach affected online shoppers. Krebs has some important advice for consumers. So pay attention, it'll go by quickly.
KREBS: Number one, it's important not to freak out about this.
GLINTON: Now, don't freak out, and...
KREBS: I always tell people, if you have a choice, don't shop with your debit card.
GLINTON: Krebs is alluding to special protections the law gives to those shopping with credit cards rather than debit cards. So how long are we going to keep hearing about big retail hacks like this?
KREBS: We're going to be dealing with this problem of small to medium-sized and large retailers experiencing this very same type of breach for at least the next year - probably more like two or three years.
GLINTON: That's all I got for an ending.
KREBS: I get to have the last word, do I?
GLINTON: Sonari Glinton, NPR News. Transcript provided by NPR, Copyright NPR.