The letter sent by The Home Depot to customers (on left, click to enlarge) about their recent security incident. I can only think of 56 million reasons why this letter is unacceptable. Offering free identity services is helpful but it’s entirely irrelevant to the top concern – poor security. A more satisfying plan would be additional transparency around security efforts, communicate an improvement plan, and regular public reports of progress against the plan. In testimony to Congress Target provided several assurances and the first item on the list,
“First, we are undertaking an end-to-end review of our entire network and will make security
enhancements, as appropriate.” [Target to Congress]
The Home Depot seems to be following Target’s game plan. However, due to the lack of transparency at the The Home Depot it’s not clear the actions taken address the security concerns. Perhaps as the investigation progresses more communications are forthcoming.
I’m seeing a trend, a public weary of excuses around poor security and lack luster responses. If this incident takes a similar trajectory to the Target incident, I would not be surprised to to see some executive turn over, finger pointing, and “I told you so’s” from ex-security staffers, in the coming months. Given the magnitude of this incident, we may even see renewed enthusiasm from Congress on security.