# Home Depot Data Breach Question



## newfoundlander61 (Feb 6, 2011)

Should anyone like myself who has used their Canadian bank debit card at their local Home Depot get a new one? I use it throughout the year for different things, may be a good idea to go to the bank and just get a new card and cancel the old one.


----------



## carverman (Nov 8, 2010)

newfoundlander61 said:


> Should anyone like myself who has used their Canadian bank debit card at their local Home Depot can the card and get a new one?


When did you use it at H-D?



> Hackers probably installed malicious software on Home Depot’s point-of-sale cash registers *capable of stealing bank account information, names, card expiration dates and other data,* said Trey Ford, global security strategist for Boston-based software security company Rapid7 LLC. Such an incident would be another example of hackers relying on so-called Backoff malware, which the U.S. Secret Service estimates has been used to target more than 1,000 businesses over the past year.



http://www.thestar.com/business/tec...stigates_suspicious_credit_card_activity.html




> Home Depot also urges all of its customers to monitor their accounts and let their banks know if they notice any unusual activity.
> Impact in Canada not known
> It's still unclear, however, if any of the chain's Canadian customers might be affected. Home Depot has at least 180 locations in Canada.


https://ca.news.yahoo.com/home-depot-offers-credit-monitoring-132303827.html

Of course, Home Depot is NOT going to help you if the hackers got your debit card info and your PIN number, so change the PIN number immediately and call your bank on what to do with your debit card..re-issue?? You, not Home-Depot are ultimately responsible for your bank accounts..using a debit card these days is not as safe as it was a few years ago..better to use a credit card, as the CC companies take the hacker hit, if it's over $50 I believe..as long as you report any suspicious charges immediately.


----------



## Beaver101 (Nov 14, 2011)

carverman said:


> When did you use it at H-D?
> 
> Of course, Home Depot is NOT going to help you if the hackers got your debit card info and your PIN number,
> so change the PIN number immediately and call your bank on what to do with your debit card..re-issue??
> ...


 .... aw crap, just shopped at HD this past weekend. But used cc, not debit so maybe not so crap-oh, hopefully, fingers crossed. Really can't keep up with all these [email protected]!


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> .... aw crap, just shopped at HD this past weekend. But used cc, not debit so maybe not so crap-oh, hopefully, fingers crossed. Really can't keep up with all these [email protected]!


From what I understand, this breach seems to be affecting the US H-D chain more than in Canada.
Similar to what happened a few months ago with Target. The only consumers affected with Target back then were the US credit card holders, and any Canadians that crossed the border to shop at the US Target stores...anyway...it may take a while for the full impact to be known.

As a matter of practice, I will no longer be using my bank debit card at any POS terminal from now on..only at my bank's ATM, where the security is supposed to be a lot better. It is the new reality that the cyber criminals are getting smarter and somehow finding holes in the computer security systems to "set up shop" at the retailers..otherwise how the heck could they steal that many transactions info from POS terminals.


----------



## Beaver101 (Nov 14, 2011)

carverman said:


> From what I understand ...
> 
> As a matter of practice, I will no longer be using my bank debit card at any POS terminal from now on..only at my bank's ATM, where the security is supposed to be a lot better. It is the new reality that the cyber criminals are getting smarter and *somehow finding holes in the computer security systems to "set up shop" at the retailers..otherwise how the heck could they steal that many transactions info from POS terminals*.


 ... an inside job?


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> ... an inside job?


It has happened in the past, why can't it happen again? and again..and again?



> If 40 million credit and debit cards sounds like a lot, it is; but it's no record breaker. *In 2009, cyber-criminals hacked Heartland Payment Systems, a credit card processor, and stole data for 130 million cards.* Here's The Wall Street Journal on the modern history of mass credit card theft:





> Okay. But how does someone collect information for 40 million — or 160 million! — credit cards without being detected? In the Target hack case, it was not by infiltrating Target.com from the safety of the hackers' dark basements, it seems. *This hack appears to affect those shopping at nearly every brick-and-mortar Target location throughout the nation, without impacting those online*.





> This means *hackers had to hit the point-of-sale systems* — the hardware and software the retailer uses at the checkout line to process credit cards and record sales. "*As shoppers swiped or punched in their numbers on the checkout keypad, the hackers copied every single number*," reports Slate.





> Of course, this doesn't mean the baddies hoofed it to over 1,800 Target locations in the U.S. and Canada. *Rather, according to security experts, someone inside the company would have had to insert the malware on a Target machine*, says The New York Times.





> The other possibility is that a hacker "*persuaded an unsuspecting employee to click on a malicious link that downloaded malware that gives cyber criminals a foothold into a company's point-of-sale systems*," says the Times.


There you go ladies and gentlemen.. TWO POSSIBLE SCENARIOS...and perhaps a "plant" inside the retail chain to help the hackers out (aka "TEAMWORK")..for a price of course!

Now each time you use that debit or credit card to complete the sale..a hacker (inside man) COULD be copying over your CC number and DEBIT CARD number AND your security PINs. The hackers can stay one step ahead of the retail chains trying to shut them out.
It now seems that you just have to take your chances these days, and hope that the retail chain, where you last used your cards...hasn't been compromised...at least not yet!:biggrin:

http://theweek.com/article/index/25...al-40-million-credit-card-numbers-from-target


----------



## J Watts (Jul 19, 2012)

Why not use the free credit monitoring through Equifax?

http://forums.redflagdeals.com/free-equifax-monitoring-1-yr-result-home-depot-data-breach-1550489/


----------



## carverman (Nov 8, 2010)

J Watts said:


> Why not use the free credit monitoring through Equifax?
> 
> http://forums.redflagdeals.com/free-equifax-monitoring-1-yr-result-home-depot-data-breach-1550489/


How do we as consumers know that this isn't a setup by Equifax to get everyone to sign up for one year for free?...and then they start billing you after that for extended coverage, which most people will go for.

How is this going to help you if you used your debit card at H-D and the cybercrooks got your banking data on the magnetic strip on the back of your debit card AND your pin number?


----------



## Beaver101 (Nov 14, 2011)

News update:

Data breach spurs lawsuit on behalf of Home Depot’s Canadian customers .... 

http://www.theglobeandmail.com/report-on-business/data-breach-spurs-lawsuit-on-behalf-of-home-depots-canadian-customers/article20664105/


----------



## Plugging Along (Jan 3, 2011)

carverman said:


> How do we as consumers know that this isn't a setup by Equifax to get everyone to sign up for one year for free?...and then they
> start billing you after that for extended coverage, which most people will go for.
> 
> How is this going to help you if you used your debit card at H-D and the cybercrooks got your banking data on
> the magnetic strip on the back of your debit card AND your pin number?


We did sign up when Target was breached. If you have the promo code they do not ask you for any other payment information. At the end of the year, if you want to renew, which they will get you to try, then you will have to provide your payment credit card. If you don't give it to them they just cut you off. It is not one of those that once you sign up you have to jump through hoops to stop, I hope not at least. I am not at the end of my year, but that is what I was told when I called.


----------



## RBull (Jan 20, 2013)

carverman said:


> When did you use it at H-D?
> 
> 
> 
> ...


While this is true in the context of "ultimately responsible" it is worth noting that all 3 parties have a duty and stated commitments to maintain confidentiality and ensure security - the account holder, the financial institution and the retailer. In this case the retailer did not hold up their end of the bargain, that may ultimately affect the customer/account holder. There really needs to be greater accountability and consequences for retailers in these kinds of cases.

As you mention debit cards are not as safe. I have never used mine at a retailer due to the potential for security breach and access to other bank/investment accounts etc; only at my bank's ATM. CCs help limit liability.


----------



## AltaRed (Jun 8, 2009)

RBull said:


> As you mention debit cards are not as safe. I have never used mine at a retailer due to the potential for security breach and access to other bank/investment accounts etc; only at my bank's ATM. CCs help limit liability.


Agree. I have never used a debit card at anything other than a bank ATM and never will do so. Some folks, of course, do not have that option if they do not (or cannot) have credit cards, or have trouble managing their CC balances, i.e. not able to pay off fully each month. In these latter cases, restricting themselves to use of debit cards is good financial responsibility/discipline.


----------



## kcowan (Jul 1, 2010)

I use my debit card at the liquor store to get cashback. No extra charge and no trip to the ATM. Done this for years without problems.

(I do not use it anywhere else except their ATM though!)


----------



## carverman (Nov 8, 2010)

RBull said:


> As you mention debit cards are not as safe. I have never used mine at a retailer due to the potential for security breach and access to other bank/investment accounts etc; only at my bank's ATM. CCs help limit liability.


There have also been a few incidents of clerks "skimming" debit cards in the past. One reason is to NEVER hand your debit card to a store clerk, or gas station attendant that does not have the newer POS terminal where the customer is in control of the purchase.


----------



## carverman (Nov 8, 2010)

kcowan said:


> I use my debit card at the liquor store to get cashback. No extra charge and no trip to the ATM. Done this for years without problems.
> 
> (I do not use it anywhere else except their ATM though!)


Liquor stores, beer stores may be ok. I've used my debit card in both of those fine establishments in the past, but with CC and debit card hacking on the rise, usually an "inside job" in today's "electronic economy" as a rule of thumb, it is probably still safer to use your credit card and collect air miles or whatever, but again it's simply a matter of who you can still trust these days...certainly not Target or H-D anymore.
So far, there have been no incidents of LCBO or The Beer Store being hacked.:biggrin:


----------



## newfoundlander61 (Feb 6, 2011)

Getting back to my original question, is a simple pin card sufficient to prevent possible unauthorized charges or does the card need to be cancelled and a new one issued. Just wanting to do my part to prevent the HD breach from popping up due to this week's news article about it now starting to show up south of the border.

http://www.cnbc.com/id/102027452#


----------



## RBull (Jan 20, 2013)

^ I don't know the answer to your question. 

Some of the answer probably has to come from your own comfort level with the situation -very concerned = new card

I would inquire with your financial institution to ask for their input on the security risk and suggested course of action, such as new PIN/ new card etc.


----------



## Beaver101 (Nov 14, 2011)

newfoundlander61 said:


> Getting back to my original question, is a simple pin card sufficient to prevent possible unauthorized charges or does the card need to be cancelled and a new one issued. Just wanting to do my part to prevent the HD breach from popping up due to this week's news article about it now starting to show up south of the border.
> 
> http://www.cnbc.com/id/102027452#


 ... not sure how much of a hassle it would be for you to get a new bank debit card issued. But if you're very concerned (i.e.. all bank accounts are tied to that debit card, etc.), then highly suggest getting a new one issued. At the same time, HD's website has stated:



> ...
> If you need identity repair assistance during the next 12 months, starting on September 8, 2014, the team at AllClear ID is ready and standing by to assist you. There is no action required on your part at this time. If a problem arises, simply call 1-855-252-0908 and a dedicated investigator will do the work to recover financial losses, restore your credit, and make sure your identity is returned to its proper condition.
> ...


https://homedepot.allclearid.com/

So if you do nothing due to too much of a hassle, H-D has the ultimate responsibility for this breach. The way I look at it with "doing nothing" is - should your banking information get breached, it'll be a real good test on your bank's "security - electronic et al".


----------



## birdman (Feb 12, 2013)

Was talking to a Mastercard employee enquiring about my account and they noticed a couple of charges to Home Depot. They immediately cancelled my card and are sending me a new one. They are obviously concerned.


----------



## Beaver101 (Nov 14, 2011)

frase said:


> Was talking to a *Mastercard* employee enquiring about my account and they noticed a couple of charges to Home Depot. They immediately cancelled my card and are sending me a new one. *They are obviously concerned*.


 ... good to hear that they're doing their job. 

I used my Amex and here's their notice. 



> Important notice about The Home Depot
> 
> The Home Depot recently reported that there was unauthorized access to payment data systems including at its U.S. and Canadian stores. American Express has put fraud controls in place and we continue to closely monitor the situation.
> 
> ...


 ... there is no instruction about even changing my PIN so I follow their instructions to closely monitor my transactions. Less concern with CCs. Definitely more concerning with debit cards.


----------



## newfoundlander61 (Feb 6, 2011)

Went to my local branch tonight and got a new card, they can issue one on the spot if you don't want your name on it. Also reduced my daily spending limit from $3000 to $500, changed my pin also. Well I feel better now and have done my part.


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> ... not sure how much of a hassle it would be for you to get a new bank debit card issued. But if you're very concerned (i.e.. *all bank accounts are tied to that debit card, etc.), then highly suggest getting a new one issued*. At the same time, HD's website has stated:

Absolutely true..happened to me a few years ago.

...


----------



## Beaver101 (Nov 14, 2011)

newfoundlander61 said:


> Went to my local branch tonight and got a new card, they can issue one on the spot if you don't want your name on it. Also reduced my daily spending limit from $3000 to $500, changed my pin also. Well I feel better now and have done my part.


 ... that was easy, good stuff! :encouragement:


----------



## Beaver101 (Nov 14, 2011)

carverman said:


> ...
> 
> Absolutely true..happened to me a few years ago.
> 
> ...


 ... man, what a nightmare experience. Stealing your $$$ is one bad thing but getting your ID stolen is even worse.

I'm surprised the bank had admitted (which is good) it was their fault for not acting fast enough in your case. While not related to this topic, my father had the unfortunate incident of not only having his $ stolen by a bank employee (after their internal investigation) but had to "prove" that it was not an unauthorized withdrawal by a family member by having to swear an affidavit that required a lawyer's notarization. And the <bleeping> bank did not reimburse him for the lawyer's fee nor did they admit that it was their fault as they refused to say it was an employee who did the withdrawal, citing "privacy" law. Such BS. Banks will always be on my scorn list.


----------



## carverman (Nov 8, 2010)

Beaver101 said:


> ... man, what a nightmare experience. Stealing your $$$ is one bad thing but getting your ID stolen is even worse.


I was extremely nervous for the first 6 months after I got robbed. My spare vehicle key and HOUSE KEY was in my wallet as well. Since they had my address from my driver's licence/ownership and my OHIP number, they could have come back to pick me off any time they wanted and steal my vehicle as well, so I had a car alarm installed right after they attempted to break into my vehicle, which was locked, but no alarm or a club (across your steering wheel and lock in place).

The passenger door handle was damaged a bit from their attempts to break in, but failed, as it was in the middle of the night and their jimmy bar/screwdriver ended up bending the locking mechanism so the door wouldn't open. 

Not sure if they were after the vehicle or the air bags, as there was some reports of thefts of airbags from vehicles in Ottawa in 2000. 

In any case, after getting my wallet stolen and attempted vehicle theft, I went for the "full monty"..security everywhere..so far no more attempts since then ("touch wood") as the gang of thieves probably moved on..if they were renting somewhere in the west end of Ottawa.



> I'm surprised the bank had admitted (which is good) it was their fault for not acting fast enough in your case. While not related to this topic, my father had the unfortunate incident of not only having his $ stolen by a bank employee (after their internal investigation) but had to "prove" that it was not an unauthorized withdrawal by a family member by having to swear an affidavit that required a lawyer's notarization.


That seems to be happening more often these days, as most bank employees are pretty much all part time now (no benefits) and some are "foreign workers" as well. Different times and certainly it is not the same dedication to the job as the RFT (regular full time) bank tellers with benefits used to have. 

If there is an unauthorized withdrawal from your account, and it is not the result of a robbery, the police will not be involved and it is highly unlikely you can get the bank to agree to anything..as they will ALWAYS assume in that case that it is your fault for giving your pin to a family member/friend or withdrawing the money yourself.

You have to state your case FIRST with the branch manager, document everything, the date of appointment, what was said, and what the bank branch manager's reply was for your case. 

If the branch doesn't feel it is their fault, then you may have to escalate it up the ladder as they say..the bank's ombudsman for further consideration. It IS a lot of paperwork, and depending on how much money is missing from your account(s) it may be still worthwhile..as it doesn't cost you anything, unlike going to a lawyer.



> And the <bleeping> bank did not reimburse him for the lawyer's fee nor did they admit that it was their fault as they refused to say it was an employee who did the withdrawal, citing "privacy" law. Such BS. Banks will always be on my scorn list.


In that situation, the *only recourse is that every major bank has an ombudsman that will consider your request for compensation*, (not the lawyer's or public notary fees though), and in some cases you will get a re-imbursement back from the bank VIA the Bank Ombudsman. 

You have to have ALL the details though, ie: when, where, how much, how you determined it was unauthorized, the account numbers, the branch number, and any correspondence, (verbal or written letter) with the branch manager.

At least, armed with this kind of information available to support your case, the bank ombudsman will look at the evidence, and order a possible investigation into the matter, as well as a possible re-imbursement for the missing money.

Here is the link to the CIBC bank ombudsman, that I had to deal with in the past for a re-imbursement.
(Other major banks will have similar processes in place.)
https://www.cibc.com/ca/cibc-and-yo...ommitment/resolving-complaints/ombudsman.html



> Our Role and Mandate:
> The office of the CIBC Ombudsman works closely with both clients and CIBC’s business leaders to address client concerns.
> 
> *Our mandate is to review unresolved complaints involving CIBC and its group of companies (collectively CIBC). We try to settle disputes fairly through an independent and thorough investigation. Recommendations are non-binding and parties are free to pursue other avenues if a settlement is not reached.*
> ...


----------



## CDIC_SADC (Oct 1, 2013)

Hi folks, this is Jeams from CDIC.

While CDIC deposit insurance insures Canadians’ savings against the failure of their member institutions; it does NOT protect against fraud, theft or scams resulting in depositors losing their savings. The Financial Consumer Agency of Canada (FCAC) has useful tips on their website on how you can protect yourself from debit card fraud. Here’s the link: http://www.fcac-acfc.gc.ca/eng/resources/publications/fraud/Pages/ProtectY-Proteacu-0.aspx .


----------



## carverman (Nov 8, 2010)

CDIC_SADC said:


> Hi folks, this is Jeams from CDIC.
> 
> While CDIC deposit insurance insures Canadians’ savings against the failure of their member institutions; it does NOT protect against fraud, theft or scams resulting in depositors losing their savings. The Financial Consumer Agency of Canada (FCAC) has useful tips on their website on how you can protect yourself from debit card fraud. Here’s the link: http://www.fcac-acfc.gc.ca/eng/resources/publications/fraud/Pages/ProtectY-Proteacu-0.aspx .


Ok, so there is a process to protect you from debit card fraud. I wasn't aware of this, and when PCFinancial bank failed to cancel my access debit card after I phoned them to tell them it was stolen, they did re-imburse me EVENTUALLY, and maybe it could have been with this method?

excerpt from the above link, you provided:


> *Is there any protection against debit card fraud?*
> If transactions are made with your debit card without your permission, you may be protected by the *Canadian Code of Practice for Consumer Debit Card Services*. The Code states that you will not be responsible for losses that result from circumstances beyond your control. This could include, for example, technical problems such as a bank machine giving out one amount of cash but deducting a different amount from the account.
> 
> Other examples of situations where you would not be responsible for transactions made using your debit card include:
> ...


----------



## Beaver101 (Nov 14, 2011)

carverman said:


> I was extremely nervous for the first 6 months after *I got robbed*. My spare vehicle key and HOUSE KEY was in my wallet as well. Since they had my address from my driver's licence/ownership and my OHIP number, they could have come back to pick me off any time they wanted and steal my vehicle as well, so I had a car alarm installed right after they attempted to break into my vehicle, which was locked, *but no alarm or a club (across your steering wheel and lock in place).*
> 
> The passenger door handle was damaged a bit from their attempts to break in, but failed, as it was in the middle of the night and their jimmy bar/screwdriver ended up bending the locking mechanism so the door wouldn't open.
> ...


 ... you got robbed? How, I hope it wasn't knifepoint? Is it/was it that bad in your suburb area and stealing "airbags"? What good are airbags if they can't be re-installed in another vehicle? 

Your area sounds worse than TO, the thieves here do a smash and dash on vehicles parked out on the street and usually, they're looking at anything valuable in the vehicle that they can sell (eg. stereo systems). Unless you have a garage (and locked please), you would need a club for your vehicle because it'll be open-vehicle (like open-house) policy for these thieves. No doubt in your case, you would need "full monty" on security ($ that needs to be spent) since they got a hold of your house key plus ID ...jesus lord. It isn't just the goods that the thieves have made off with that put you on jitters but the whole violation aspect of it.

Re the bank thievery in my case, the US$1K (a lot for my dad who didn't even make minimum wage) was reimbursed as it was traced to an unauthorized withdrawal by one of their employees "after the bank's own internal investigation". Seeing there was an opportunity that there was little activity in the account (savings), the employee took that to lift the $ from the account.

Being someone who didn't speak the language, there was no way my dad could go to the Ombudsman to complain even and my older sibling who had handled this matter for him was not assertive nor smart enough to advise my dad not to go to the lawyer first for the affidavit, let alone getting reimbursement for the lawyer's fee.


----------

