clock menu more-arrow no yes mobile

Filed under:

Credit card details at risk as The Home Depot confirms it was hacked

New, 19 comments

Retailer is latest in long line of stores targeted

Rob Wilson / Shutterstock.com

The Home Depot today confirmed that its payment systems were breached by hackers earlier this year. The company is yet to outline the details of the attack, but used vague language to suggest that customers who used credit or debit cards at its retail stores in the US and Canada over the last five months may have had their card details compromised. The breach appears to have been carried out using a similar method to recent attacks on companies such as TargetP.F. Chang's, and Neiman Marcus. The perpetrators of such attacks uploaded malicious software to cash registers and other point-of-sale systems in order to siphon off card details, which could be sent off-site and could be used to make fraudulent purchases.

The scale of the breach is unclear

The Home Depot says its investigation into the breach began on September 2nd, the same day that reports surfaced that said the retailer was the next in a string of large companies to be targeted by hackers. The hardware giant is focusing its investigation from April onwards, suggesting that the hackers behind the breach were able to skim customer data from the stores' payment systems for up to five months without being detected. The company is yet to say specifically that credit card details were stolen, but the measures it has offered to affected customers suggests that's the case. Those who shopped at Home Depot stores in North America have been offered credit monitoring and ID protection services for free by the company, and Frank Blake, The Home Depot chairman and CEO, said customers would not be responsible for any fraudulent charges to their accounts.

The implication of the breach is yet to be confirmed, but Home Depot says there's no evidence that credit and debit card PINs were stolen. The scale of the breach is also still unclear, but it could affect more people than any previous attack. US retailer Target was the victim of a similar attack last year which made credit card details for 40 million people available to hackers. Target has 1,800 branches across the US; Home Depot has 2,200.