Home Depot may have left data vulnerable

In the wake of Home Depot's (NYSE:HD) recent data breach, fingers are pointing and accusations flying that the retailer had known for years its systems were vulnerable to hackers.

The home improvement chain has confirmed it had experienced the largest data breach of credit and debit card information in history, compromising 56 million customers and their bank accounts. This tops even Target's (NYSE:TGT) 2013 breach, which exposed the credit card information of more than 40 million shoppers, and comes second only to the heist of 90 million records at TJX Companies in 2007.

Now, former members of Home Depot's cyber security team have come forth alleging that the company had been recieving warnings dating back to 2008, but ultimately failed to heed them, reported the New York Times. According to these unnamed sources, Home Depot had outdated software, and when management dismissed concerns, several on the team left. One even warned friends to pay only with cash at Home Depot stores.

In 2012, a computer engineer hired by the retailer to oversee cyber security was later sentenced to four years in prison for deliberately disabling computers at a company he worked for previously, according to the NYT.

Following Target's breach, Home Depot turned to Voltage Security, a data security company, but by then it was too late. Hackers were well into the retailer's systems. Home Depot received reports from banking partners and law enforcement that criminals may have hacked payment data systems between April and September.

Data breaches are an ongoing threat, but warnings and concerns were reportedly dismissed by Home Depot, despite multiple reports and studies showing that IT and security issues have become top priorities for large retailers. At Home Depot, according to the NYT, employees who sought to upgrade tools or training were often denied and simply told, "We sell hammers."  

For more:
-See this New York Times story

Related news:
Backoff malware widespread, PCI Council issues call to action
How to prevent Target-like data breaches
Shoppers stop buying online after breaches
Supervalu reports data breach
Target and PF Chang's breaches 'the tip of the iceberg'