UPDATE: The Home Depot has reported that 56 million credit and debit cards may have been compromised in a data breach that extended over a period of five months. The attack has been spotlighted as the largest data breach to hit a retailer. In fact, the breach is significantly larger and more severe than the one Target experienced, which impacted 40 million credit and debit cards during the 2013 holiday season.
The cybercriminals used custom-build malware to evade detection, the Home Deport reported in an announcement. Prior to eliminating the malware, the retailer put all impacted terminals out of service. The malware has since been eliminated from U.S. and Canadian networks.
As a result of the breach, the Home Depot is in the midst of rolling out a major payment security project that will provide enhanced encryption of payment data by scrambling card information to make it unreadable. The implementation will be completed by early 2015.
Retail TouchPoints’ original coverage of the news is below.
Advertisement
Over the past two years, a number of merchants have been impacted by data breaches, including Target, Goodwill, Michaels Stores, P.F. Chang’s, and most recently, The UPS Store and SuperValu.
Now The Home Depot is investigating a hack that may have left customers’ payment information at risk.
Although no reports indicate how many stores may have been impacted, preliminary analysis shared by KrebsOnSecurity indicated that the breach might extend to all 2,200 Home Depot stores in the U.S.
Several banks indicated that the breach “may extend back to late April or early May 2014,” according to the KrebsOnSecurity article. “If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period.”
Home Depot indicated that team members would alert consumers if it determines that a data breach occurred.
In a statement, Home Depot spokeswoman Paula Drake said: “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers.”