56 million credit cards were compromised in a recent hack on The Home Depot. Now, The New York Times is reporting that the company dismissed and largely ignored concerns put forth by security researchers as far back as 2008.
Former members of the company's cybersecurity teams spoke to the Times, and said that The Home Depot was slow to respond to vulnerabilities, and shrugged off warnings that it would be easy prey for hackers. Former employees also said that the company used outdated security software, which led to some of them even warning friends to use cash instead of credit cards at Home Depot stores. To make matters worse, The Home Depot's former security boss, Ricky Joe Mitchell, was recently sentenced to four years in prison for "deliberately disabling computers" at his previous company, the Times reports.
The Home Depot is only the latest retail chain to be hit by massive security leaks. In late 2013, Target was hacked, and information about 40 million credit and debit card accounts was compromised. Security researcher Brian Krebs speculated that the same hackers carried about both hacks. Either way, it appears that Target's misfortune was not enough to convince every company to audit their own security systems. "Several former Home Depot employees said they were not surprised the company had been hacked," reports the Times. "They said that over the years, when they sought new software and training, managers came back with the same response: 'We sell hammers.'"