Home Depot confirmed Monday that customers who used cards at its U.S. and Canadian stores in the past six months may be impacted by a breach of its payment data systems.
"Home Depot's investigation is focused on April forward, and the company has taken aggressive steps to address the malware and protect customer data," the Atlanta-based retailer said in a statement. "The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on."
There is no evidence that debit PIN numbers were compromised, the retailer said.
Home Depot, which says it's still determining "the full scope, scale and impact of the breach," is the latest retailer to be targeted in a string of similar incidents that have hit Neiman Marcus, P.F. Chang's, and most notably Target in the past year. Home Depot said it will switch to EMV "Chip and PIN" technology by the end of this year at all of its U.S. stores, a more secure payment method, ahead of an October 2015 deadline from the payments industry requiring such a shift.
Independent journalist Brian Krebs broke the news that Home Depot was looking into a hack on Sept. 2. The same group from Russia and Ukraine that attacked Target last year may be responsible for this attack, he said. Target's hack affected up to 40 million cards, led to the resignation of its CEO, and cost them almost $150 million in the second quarter alone.
Customers can learn more about the identity protection services services at www.homedepot.com or by calling 1-800-HOMEDEPOT, the retailer said.
Sapna Maheshwari is a business reporter for BuzzFeed News and is based in New York. Maheshwari reports on retail and e-commerce.
Contact Sapna Maheshwari at firstname.lastname@example.org.
Got a confidential tip? Submit it here.