Former members of Home Depot's security group revealed that the payment system that the retailer uses was not a system that encrypts data from credit and debit cards. This window could allow potential hackers to take advantage of the customers' data.
Last September 8, Home Depot confirmed one of the biggest breaches of credit and debit card data in U.S. history. Hackers were stealing data for over four months from Home Depot's over 2,000 stores in United States and in Canada.
Sources say that the software used by the retail giant is already outdated and that the security level was only mediocre. Though Home Depot invested in a data-encrypt tool from Voltage Security to protect client data this year, the installation of this system was still not complete. This was before the announcement of Home Depot's security breach last September.
According to several employees who refuse to be named, a check on the retailer's system a couple of months ago revealed an outdated malware-detection system. When the information security personnel escalated the issue, the upgrade was not approved by their technology executives. They wanted to settle for a "C-level security" because an upgrade would entail additional cost.
Home Depot is currently using the program Symantec's Endpoint Protection 11, an antivirus software used for its sales which was released last 2007. In 2011, Symentec released version 12 which would protect the data more than the eralier vesrion. This year, Symantec began to phase out its customer support for version 11 and will end it's life cycle for that version by January next year.
Despite the plea of employees to update the system, the retailer's executive insisted on staying with the current version.
Over the past few years, employee turnover on Home Depot's information security team was high. Home Depot's current information security chief Jeff Mitchell could not be reached for any comments.
