
Home Depot's Data Breach Was Worse, But Target Was Punished More. Why?

By Rich Duprey - Sep 28, 2014 at 8:30AM


The DIY center escaped relatively unscathed when its customers' data was compromised, while the retailer was punished. But it's more than just hacking overload that accounts for the different outcomes.

Home Depot (HD 1.87%) investors had to be expecting the worst. The data breach the DIY superstore suffered far surpassed the one that hit Target (TGT 2.41%) last year, and the discount department store chain is still coming to grips with the fallout.

Where some 40 million account holders were compromised by the hackers that infiltrated Target's accounts, 56 million Home Depot account holders had their data breached.

The hack attack didn't take Home Depot offline. Photo: Flickr user Mike Mozart.

Yet despite the enormity of the revelation that hackers were compiling their information haul over a five-month period -- Target's happened over just three weeks -- there's barely been a ripple in Home Depot's stock. After a slight drop following the discovery, it's bounced right back. Target's stock, on the other hand, remains depressed.


Why the different responses?

Building a case for a discount
Is it "data breach fatigue"? Have we had so many of these break-ins that at this point consumers are just resigned to them occurring?

Between Facebook's violating our privacy regularly, Google admitting they're reading our emails, and the NSA screening every call, text, and email, maybe hacking into our credit card accounts isn't such a big deal anymore.

Not really. Even though the hack attack at TJX (TJX 0.75%) remains by far the biggest breach of confidence consumers have suffered to date, with over 90 million accounts stolen over an 18-month period, the Target and Home Depot episodes are still enormously significant events.

There are several differences between the two incidents that make the fallout from them understandable.

Shhh! If you ignore it, maybe it will go away
First, Target badly mismanaged its response to the hack attack. It didn't let its customers know there was a problem, but rather began working behind the scenes with banks, which immediately started placing limitations on how much consumers could spend on their credit cards.

Coming as it did right at the start of the Christmas holiday shopping season, consumers were rightly surprised they were having purchases rejected.

As I recounted last year, I was one of those Target customers whose accounts were compromised. I was only alerted to something being amiss when I received an unidentified robo-call saying I needed to speak to someone about my debit card account. It wasn't till weeks later that I and millions of other Target customers found out what the problem was.

In comparison, Home Depot was pretty upfront about the breach, and fortunately for it, the hacking occurred during the lazy days of summer and not when everyone was scrambling to buy gifts.

The site Krebs on Security was the first to suggest on Sept. 2 that there might be problems with Home Depot accounts, and when the company was contacted it admitted it was looking into it. A week later the DIY center confirmed that customer accounts at its U.S. and Canadian stores had indeed been compromised, though not those in Mexico, or online.

It announced last week that all of the malware that had been installed on its system, malware that was uniquely built to attack Home Depot and has not been seen elsewhere, had been removed.

Tales from the crypt
Second, it wasn't just Target account info that was stolen, but encrypted PIN data as well.

Because of the layers of security embedded in the encryption code, the likelihood of actual fraudulent activity occurring was small -- data entered at register keypads is encrypted three times, with the code for breaking it stored offsite at the payment processor. But it was still unsettling that such sensitive information was taken.

That didn't happen at Home Depot: there's not the same feeling of violation that consumers felt after Target's breach.

It's a matter of trust
In the end, it seems to come down to time and response. For Target, it couldn't have happened at a worse time -- and the company compounded the problem by not letting its customers know there was a situation.

Even so, despite the layers of encryption utilized to protect accounts, leaving all that sensitive data in the hands of retailers is still a dicey proposition.

Each time companies raise the bar of protection, hackers vault over it with even more sophistication. The business world is stuck playing catch up.

Maybe Apple's (AAPL 4.08%) new payment service, Apple Pay, is a solution. It removes the need for all that security by taking the data away from the retailer and locking it in a vault behind a fingerprint on your handheld device. You never give up control.

If nothing else, the latest data breach incident provides an impetus for exploring such decentralized data storage, and should serve as a warning to other businesses to be proactive in their approach to security and upfront with their customers.
