Home Depot’s customer credit card security team repeatedly raised “red flags” to superiors for years prior to the recent theft of some 53 million customers’ card information, and were consequently overworked, understaffed and ignored.
Ex-employees responsible for ensuring customers’ credit card data was encrypted told The Huffington Post that just last spring, half of the team’s eight people quit the company over frustration with higher-ups’ constant refusal to address security concerns — a problem that had been ongoing since 2011.
“It was painfully easy to capture that data,” an anonymous former employee said in the report. Believing the company’s lack of encryption to be illegal and frustrated with management, the employee quit last year.
Thirty of the company’s total 60 security employees left in 2011 after Jeff Mitchell took on the role of security chief in late 2011. Other employees allegedly described Mitchell as “bullying” and “abrasive.”
Several former employees told the New York Times they were not surprised by news of the hack, and said they had repeatedly asked management for new software and training to address security concerns, to which managers responded: “We sell hammers.”
One former manager told Bloomberg Businessweek that Symantec gave Home Depot systems a “health check” two months ago, which uncovered outdated malware detection systems. Upon announcing the hack earlier this month, the home-repair chain said customers as far back as April could be affected. (RELATED: Victims Of Home Depot Attack Are Having Their Accounts Drained Across The U.S.)