Home Depot could be the latest major company to have customer credit card data siphoned off and sold online. Security researcher Brian Krebs writes that multiple banks have said the chain might be the source of a batch of credit and debit cards currently being sold in an online black market. "I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," said Home Depot spokesperson Paula Drake in a statement to Krebs, saying that it was too early to tell whether there had in fact been a breach.
Krebs believes a Home Depot hack could have been carried out by the same people responsible for the attack on Target, which netted hackers information on 40 million credit and debit accounts along with other customer information. He suggests, however, that it might be larger in scope. The breach reportedly could affect all of Home Depot's 2,200 US retail stores, and some banks have said that it could date back to April or May of this year. Target's payment systems, by contrast, were compromised by malware for around three weeks between late November and mid-December of 2013; Target has about 1,800 US branches.
Besides Target, the Secret Service has said that over a thousand other US businesses have been affected by that malware. According to Krebs' previous reporting, Sally Beauty, Neiman Marcus, restaurant chain PF Chang's, and others have all had point-of-sale terminals hacked over the past year. The Target hack is thought to have cost banks and credit unions around $200 million, and the company's CEO stepped down in the aftermath, especially after reports found that warnings from analysts and even an alert from the security system itself had gone unheeded before the attack was discovered.