The cyberattack that Home Depot started investigating this month represents the biggest hack of a U.S. retailer in history.
The company said today that 56 million cards were affected by the hack, making it larger than the 40 million cards compromised through a breach at Target late last year. Home Depot said the malware, unique to its attack, was present in stores between April and September of this year and has now been removed from its U.S. and Canadian networks.
"To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements," the company said. "The hackers' method of entry has been closed off, the malware has been eliminated from the company's systems, and the company has rolled out enhanced encryption of payment data to all U.S. stores."
Similar incidents have hit Neiman Marcus, P.F. Chang's, and most notably Target in the past year. Home Depot said it will switch to EMV "Chip and PIN" technology by the end of this year at all of its U.S. stores, a more secure payment method, ahead of an October 2015 deadline from the payments industry requiring such a shift.
"These projects required writing tens of thousands of lines of new software code and deploying nearly 85,000 new pin pads to stores," Home Depot said today.
Affected customers can learn more about free identity protection services services at www.homedepot.com or by calling 1-800-HOMEDEPOT, the retailer said.
Sapna Maheshwari is a business reporter for BuzzFeed News and is based in New York. Maheshwari reports on retail and e-commerce.
Contact Sapna Maheshwari at firstname.lastname@example.org.
Got a confidential tip? Submit it here.