Home Depot reportedly ignored warnings about its vulnerability

Former information technology employees at Home Depot claim that the retailer’s management had been warned for years that its retail systems were vulnerable to attack, according to a report by the New York Times. Resistance to advice on fixing systems reportedly led several members of Home Depot’s computer security team to quit, and one who remained warned friends to use cash when shopping at the retailer’s stores.

The risks were clear to computer experts inside Home Depot: The home improvement chain, they warned for years, might be easy prey for hackers. But despite alarms as far back as 2008, Home Depot was slow to raise its defenses, according to former employees. On Thursday, the company confirmed what many had feared: The biggest data breach in retailing history had compromised 56 million of its customers’ credit cards. The data has popped up on black markets and, by one estimate, could be used to make $3 billion in illegal purchases. Yet long before the attack came to light this month, Home Depot’s handling of its computer security was a record of missteps, the former employees said. Interviews with former members of the company’s cybersecurity team — who spoke on the condition they not be named, because they still work in the industry — suggest the company was slow to respond to early threats and only belatedly took action.