Home Depot tech employees warned their then-employer of network vulnerabilities as far back as 2008, several ex-employees have told the New York Times. They said the retailer used outdated protection software, didn’t regularly scan for malware, and dismissed their concerns.
The retailer’s chief of tech security, Ricky Joe Mitchell, in fact, was convicted in May on federal charges of sabotaging his former employer’s network, and remained in his position at Home Depot for months after his indictment in January this year.
Mitchell also had a history of compromising data networks: He was suspended from his high school after confessing to implanting 108 computer viruses onto the school’s computer system in 1996.
Home Depot’s reported poor record of protecting its computer systems from hackers is startling, especially considering that it apparently continued well after news of Target’s massive breach last year. The retailer’s retention of an IT professional known to be capable of mischief seems especially short-sighted. Unfortunately, the lessons for retailers, who are reportedly scrambling to ensure that their payment systems keep customer data safe, seem to have no limits.