Monday, 22 September 2014 07:03

The Home Depot Ignored Security Warnings as Far Back as 2008

Written by

Reading time is around minutes.

Almost two weeks ago we wrote an editorial about how security issues are more about the corporate culture than just weak passwords. In it we described a problem that exists in far too many companies where executives and/or vendors are the ones that are setting the security policies instead of the IT or IT security teams. This situation can be exceptionally frustrating when you are trying to keep the “bad guys” out, but not everyone really believes that this is how things work. Now, after New York Times article describing how the Home Depot ignored their own security staff, people might be forced to finally get the bigger picture.

According to the article, which spoke to a number of former security personnel from the Home Depot, there were great concerns with the state of security at the DIY home improvement store. These concerns were largely ignored with comment such as “we sell hammers”. That is not the worst part of it though. Ricky Joe Mitchell, a former Home Depot security boss, was recently sentenced to some prison time for deliberately disabling computers at a company he used to work for.

Other claims laid at the Home Depots feet are much more in line with what we see in the industry, outdated software irregular scanning of important systems, slow responses to threats, and even the possibility of glazing over PCI (Payment Card Industry) requirements to continue operating. Some of these claims go as far back as 2008 and, in the end, resulted in a breach and the theft of an estimated 56 million credit cards and the details associated with them.

Home Depot is continuing to maintain that their primary concern is customer security, but the details of the hack and the length of time the intruders were in the system seem to belie that. Both Target and The Home Depot should be object lessons to every company out there: do not ignore security or trade it for ease of use. Extra security measures might make your day a little more complicated, but the alternative is to make millions of other people have a very bad day and that should be something that no company ever wants to have happen.

Tell us your thoughts.

Read 4608 times Last modified on Monday, 22 September 2014 07:06

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.