Home Depot Reports Bigger Breach Than Target; Criminals Used Custom Malware

Target's data breach was bad, but Home Depot's is worse.

Home Depot announced Thursday that 56 million credit and debit cards were put at risk in the cyber-attack on its payment terminals. The company says that the malware used in the five-month breach from April to September has now been eliminated from its U.S. and Canadian networks.

For perspective, Target's infamous holiday breach compromised 40 million payment card numbers, along with 70 million other pieces of customer data. 

The home improvement chain says it was alerted to the breach on Sept. 2 and began investigations immediately. Home Depot reports that criminals used unique and custom-built malware, which had not been seen in previous attacks. 

Related: Why Uncovering a Network Security Breach Can Take Weeks or Months

Any terminals identified with malware have been taken out of service and the malware has been eliminated from the company's systems. New payment security protection is now in use, with enhanced encryption technology.

Home Depot's project to develop new encryption tech launched shortly following Target's breach in December. Since Target's hack, Neiman Marcus, P.F. Chang's and Michaels have all have made headlines for major data breaches. While it is convenient that Home Depot now has a new high-tech encryption system across the U.S., the questions remains: Could earlier action have prevented the hack?

More and more chains are battling targeted cyberattacks – and the hackers are winning. If execs aren't willing to step up and make security a top priority, they are likely to face the consequences personally. Just ask former Target CIO, Beth Jacob, and CEO, Gregg Steinhafel. 

Related: Viral App 'Yo' Hires Its Hacker