Home Depot Confirms Data BreachCustomers in the U.S., Canada Potentially Affected
There is no evidence that the breach affected stores in Mexico or customers who shopped online at HomeDepot.com, the home improvement retailer confirmed Sept. 8.
Home Depot also says there is no evidence that debit PIN numbers were compromised.
The company has 2,266 retail stores in all 50 states, the District of Columbia, Puerto Rico, U.S. Virgin Islands, Guam, 10 Canadian provinces and Mexico. In fiscal 2013, Home Depot had sales of $78.8 billion and earnings of $5.4 billion.
"Home Depot's investigation is focused on April forward, and the company has taken aggressive steps to address the malware and protect customer data," the company says.
Any customer who used a payment card at a Home Depot store this year, beginning in April, is being offered free identity protection services, including credit monitoring.
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," says Frank Blake, chairman and CEO. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."
The company has been investigating the breach since Sept. 2, after it received reports from its banking partners and law enforcement that criminals may have hacked its payment data systems (see: Update: Home Depot Breach Investigation).
Home Depot also says it will roll out EMV terminals to all its U.S. stores by the end of this year.
The company has been hit with a class action lawsuit after news broke of the suspected breach (see: Home Depot Already Faces Breach Lawsuit).