Although the initial reports about the Home Depot databreach indicated the attack was extensive, the latest details suggest the breach seemed to have been chain-wide, hitting virtually every single store in the chain.
According to the report on Krebs On Security, the significance of the attack being that widespread involves the way fraud systems react to stolen cards. “The ZIP code data allows crooks who buy these cards to create counterfeit copies of the credit and debit cards and use them to buy gift cards and high-priced merchandise from big box retail stores. This information is extremely valuable to the crooks who are purchasing the stolen cards, for one simple reason: Banks will often block in-store card transactions on purchases that occur outside of the legitimate cardholder’s geographic region (particularly in the wake of a major breach),” the story said. “Thus, experienced crooks prefer to purchase cards that were stolen from stores near them because they know that using the cards for fraudulent purchases in the same geographic area as the legitimate cardholder is less likely to trigger alerts about suspicious transactions — alerts that could render the stolen card data worthless for the thieves.”
Also interesting is how Krebs established the likely number of stores hit: The publication “pulled down all of the unique ZIP codes in the card data currently for sale from the two batches of cards that at least four banks have now mapped back to previous transactions at Home Depot. KrebsOnSecurity also obtained a commercial marketing list showing the location and ZIP code of every Home Depot store across the country. Here’s the kicker: A comparison of the ZIP code data between the unique ZIPs represented on Rescator’s site, and those of the Home Depot stores shows a staggering 99.4 percent overlap.”