Home Depot, the giant home improvement retailer, has confirmed that a data breach took place at its U.S. and Canada stores starting in April. Customers who paid with cards may have had their data compromised. The store says there is no evidence that pin numbers from debit cards were stolen.
On Monday, the retailer reiterated the free credit monitoring offer and said, it "has taken aggressive steps to address the malware and protect customer data."
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," said Frank Blake, chairman and CEO, in a statement. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."
A massive batch of credit and debit card information that went on sale on a criminal Internet site Sept. 2 may be from Home Depot stores and could be linked to hackers previously responsible for breaches at Target and P.F. Chang's, security experts say.
The credit card information was first offered up for sale Tuesday on an underground site that trafficks in stolen financial information, security author Brian Krebs reported on his blog, Krebsonsecurity.com.
The breach could have begun in late April or early May of this year, Krebs reported.
If that is true, this incident could dwarf the Target breach, in which 40 million credit and debit accounts were compromised over a three-week period.
"This latest batch of cards is for sale from the same underground store that sold cards from P.F. Chang's and Target," said Trey Ford, a security strategist at Rapid7, a Boston-based computer security company.
