SAN FRANCISCO — The end of the road for the 56 million credit card numbers stolen a month ago from Home Depot turns out, often as not, to be a cheap meal at McDonald’s or a gallon of milk at Walmart.
“We’re generally not seeing $1,000 transactions where they’re buying wide-screen TVs,” said Rob Miller, chief operations officer with San Diego-based Mission Federal Credit Union.
The story of how a massive international data breach ended up at a fast food store in California’s Central Valley began last April.
That was when someone inserted malicious software — malware — into point-of-sale machines at Home Depot stores in the USA and Canada.
Many in the security community suspect the attackers were in Russia or Eastern Europe, but there’s no way to know for sure. What is known is that malware skimmed off credit and debit card information, undetected, for six months.
As many as 56 million cards were compromised, according to Home Depot.
Banks and credit unions began to see bogus charges appear almost immediately. Despite the far-reaching criminal networks that create these massive computer security breaches, the people who end up buying things with the stolen cards appear to be “just using them for day-to-day living,” Miller said.