I meant to write something up on this last week, but someone found a bug in bash that set my world on fire. I've asked several friends and family if they've heard about the Jimmy John's and/or Home Depot breach and the response has been less than encouraging. So here's the low done on the two breaches.
Home Depot
56 million debit and credit card numbers were stolen between April and September of this year:
Home Depot: 56M Cards Impacted, Malware Contained - Brian Krebs - Krebs on Security
It looks like the breach impacted all Home Depot stores in the US and Canada. If the numbers seem quite low for a four-to-five month breach it's because the self-checkout terminals seem to be the ones that got owned. Either way, if you shopped at Home Depot between April and September, get a new card issued from their bank. They'll be sure to send the bill to Home Depot, so don't let them talk you out of a new card. And oh hey look! Home Depot is offering free identity protection for 12 months. Be sure to sign up for that, but realize that "protection" won't stop nefarious people from using your identity for their own gain.
Jimmy John's
216 stores were found to have been affected by this event and Jimmy John's has been kind enough to provide a search tool for the stores that were owned.
Two stores were affected in South Carolina, one of which I've gone to in the last year. Luckily I haven't been there in the last three months. Bullet dodged. The tool is easy to use, just input a store number, city, state, address or date. Using a state's two-letter code should limit the results enough to help you identify if you've been affected by this particular breach. Full details can be found below on the incident.
Protect yourself
These are only two of the many breaches that have occurred this year. Goodwill has gotten popped as well as several other smaller and local businesses. Here are some tips for protecting yourself from identity theft that could occur from breaches like these:
Check bank statements regularly. It's ridiculously easy to do and should only take 10-15 minutes. I would recommend trying to check bank statements at least once a week. With online banking it shouldn't take more than 10-15 minutes to pop in and check what's been purchased on all your cards.
Also, I would highly recommend using credit cards instead of debit cards. It's a lot easier to replace a credit card than it is a debit card.
Finally, I would recommend cash, but then you have to worry about skimmers on ATM machines, so I won't. =P
Happy shopping!
This post first appeared on Exploring Information Security.