Home Depot Confirms Data Breach

Customers in the U.S., Canada Potentially Affected
Home Depot Confirms Data Breach

Home Depot has confirmed that its payment data systems have been breached, potentially impacting customers using payment cards at its U.S. and Canadian stores since April.

See Also: The Inconvenient Truth About API Security

There is no evidence that the breach affected stores in Mexico or customers who shopped online at HomeDepot.com, the home improvement retailer confirmed Sept. 8.

Home Depot also says there is no evidence that debit PIN numbers were compromised.

The company has 2,266 retail stores in all 50 states, the District of Columbia, Puerto Rico, U.S. Virgin Islands, Guam, 10 Canadian provinces and Mexico. In fiscal 2013, Home Depot had sales of $78.8 billion and earnings of $5.4 billion.

"Home Depot's investigation is focused on April forward, and the company has taken aggressive steps to address the malware and protect customer data," the company says.

Any customer who used a payment card at a Home Depot store this year, beginning in April, is being offered free identity protection services, including credit monitoring.

"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," says Frank Blake, chairman and CEO. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."

The company has been investigating the breach since Sept. 2, after it received reports from its banking partners and law enforcement that criminals may have hacked its payment data systems (see: Update: Home Depot Breach Investigation).

Home Depot also says it will roll out EMV terminals to all its U.S. stores by the end of this year.

The company has been hit with a class action lawsuit after news broke of the suspected breach (see: Home Depot Already Faces Breach Lawsuit).


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network