Home Depot confirmed Monday that it was involved in a security breach compromising its payment data systems and possibly affecting all of its stores in the United States and Canada.
Investigation on the breach began on Sept. 2 after the company was notified by law enforcement and its banking partners that it may have fallen victim to hackers. Since then, Home Depot's internal IT security team has been hard at work analyzing the incident alongside top IT security firms in the country.
So far, the extent of the breach has yet to be determined but Home Depot said that customers who have used credit and debit cards in U.S. and Canadian stores starting April may be at risk. To assist affected customers, the home improvement retailer is offering identity protection services free of charge which includes credit monitoring. Debit pin numbers, however, appear to have not been compromised, as well as purchases made through HomeDepot.com.
Cyberthreats have been steadily growing for the retail industry so Home Depot had previously announced it will be rolling out EMV "Chip and PIN" to all its U.S. stores by the end of 2014. This is also in response to the deadline set by the payments industry which lapses in October 2015.
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue. We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred," said Home Depot chairman and CEO Frank Blake in a statement. Should fraudulent charges appear on the accounts of affected customers, they will not be responsible, he adds.
According to KrebsOnSecurity, analysis on Home Depot store registers revealed that some have been infected with a new variation of the "BlackPOS," a strain of malware designed to copy data from payment cards as they are swiped at Windows-based point-of-sales systems that have been infected.
As such, reports are saying that hackers behind the attack on Target last year are also the ones responsible for the breach in Home Depot. Investigation on the attack that compromised 40 million credit and debit card accounts showed that Target point-of-sale systems were also infected with BlackPOS.
Home Depot is the largest home improvement retailer in the world, with 2,266 retail outlets across all 50 U.S. states and the District of Columbia, 10 Canadian provinces, Puerto Rico, Guam, Mexico, and the U.S. Virgin Islands.