Home Depot hacked
Shares of home improvement retailer Home Depot sank before the opening bell after confirming that its payment systems had been hacked, potentially exposing millions of shoppers who used credit and debit cards at its more than 2000 US and Canadian stores.
The breach could turn out to be one of the biggest in history.
Home Depot did not say how many cards might be affected, but the largest US home improvement chain did say late Monday that its investigation into the breach goes as far back as April.
The news comes nearly a week after a website that focuses on cybersecurity reported on Tuesday a possible hack of Home Depot’s data.
The company said later that day that it was investigating the potential breach.
“We apologise for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” Chairman and CEO, Frank Blake, said in a press release.
Home Depot is the latest retailer to have a data breach.
Others include Target, luxury retailer Neiman Marcus, grocer Supervalu, restaurant chain PF Chang’s and the thrift store operations of Goodwill.
In December, Target Corp disclosed a massive data breach that was the second largest in history, resulting in the theft of 40 million debit and credit card numbers, and the potential exposure of personal information of up to 70 million shoppers.
Forrester Research analyst, John Kindervag, said the Home Depot breach could affect similar numbers of shoppers or cards, noting that months’ worth of data may have been compromised.
“From what I’m hearing, people think this will be as big as Target or bigger,” he said.
Home Depot, which said malware was used in the hack, has announced that it plans to have chip enabled checkout terminals at all of its US stores by the end of this year.
In the meantime, the Atlanta company said its IT department is also looking into the breach and is working with outside firms, its banking partners, and the US Secret Service.
It added that customers will not be held responsible for fraudulent charges to their accounts.
The possible breach at Home Depot was first reported by Brian Krebs of Krebs on Security.
Krebs said multiple banks reported “evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards”.