[The original attempts to break in to Home Depot computer systems were stymied by their firewalls. The attackers didn't focus on Home Depot directly; they focused on exploiting the computers of 3rd party contractors doing work within Home Depot buildings. The breaches began only when visiting contractors attached their own (already exploited) computers inside the Home Depot firewalls or when they given credentials to penetrate the firewalls from already exploited computers at the contractors home offices.]

....from: http://9to5mac.com/2014/11/09/home-depot-windows-breach-macbooks-iphones/

Home Depot blames security breach on Windows, senior executives given new MacBooks and iPhoneshttp://9to5mac.com/2014/11/09/home-depot-windows-breach-macbooks-iphones/

[Home Depot Windows]

Earlier this week, The Wall Street Journalhttp://online.wsj.com/articles/home-depot-hackers-used-password-stolen-from-vendor-1415309282 published an in-depth look at The Home Depot’s recent security breachhttps://corporate.homedepot.com/mediacenter/pages/statement1.aspx of its payment data systems, in which 56 million credit card accounts and 53 million email addresses of customers were compromised. A root cause of the security breach: a Windows vulnerability in the retailer’s main computer network.

“Once inside Home Depot’s systems after gaining credentials from the outside vendor, the hackers were able to jump the barriers between a peripheral third-party vendor system and the company’s more secure main computer network by exploiting a vulnerability in Microsoft Corp.’s Windows operating system, the people briefed on the investigation said,” writes the WSJ’s Shelly Banjo.

The report claims that while Microsoft did issue a security patch after the breach began, which was installed by The Home Depot, the fix arrived too late. According to sources familiar with the investigation, the hackers already had the ability to move across The Home Depot’s systems, including its point-of-sale system, as if they were high-level employees.

The report unravels a lot of details related to how the security breach played out, with one anecdote that I found particularly interesting. Following the breach, an IT employee allegedly purchased two dozen new MacBooks and iPhones for senior executives at The Home Depot, indicating that the home-improvement retailer may have lost at least some confidence in its Microsoft-based systems.

MacBooks and iPhones have faced their fair share of security vulnerabilitieshttp://9to5mac.com/2014/11/05/wirelurker-malware/ over the past few years, although recent studies conducted by Kaspersky Labshttp://securelist.com/analysis/kaspersky-security-bulletin/58265/kaspersky-security-bulletin-2013-overall-statistics-for-2013/ and similar firms have proven that both devices remain highly secure platforms in terms of protection against malware and other threats. But whether shiny new Macs and iPhones in The Home Depot’s boardroom will help it prevent another massive security breach remains to be seen.