According to the article, which spoke to a number of former security personnel from the Home Depot, there were great concerns with the state of security at the DIY home improvement store. These concerns were largely ignored with comment such as “we sell hammers”. That is not the worst part of it though. Ricky Joe Mitchell, a former Home Depot security boss, was recently sentenced to some prison time for deliberately disabling computers at a company he used to work for.
Other claims laid at the Home Depots feet are much more in line with what we see in the industry, outdated software irregular scanning of important systems, slow responses to threats, and even the possibility of glazing over PCI (Payment Card Industry) requirements to continue operating. Some of these claims go as far back as 2008 and, in the end, resulted in a breach and the theft of an estimated 56 million credit cards and the details associated with them.
Home Depot is continuing to maintain that their primary concern is customer security, but the details of the hack and the length of time the intruders were in the system seem to belie that. Both Target and The Home Depot should be object lessons to every company out there: do not ignore security or trade it for ease of use. Extra security measures might make your day a little more complicated, but the alternative is to make millions of other people have a very bad day and that should be something that no company ever wants to have happen.
Tell us your thoughts.