Home Depot confirms data breach
The Home Depot, the world's largest home improvement retailer, this week confirmed that its payment data systems have been breached, which could potentially impact customers using payment cards at its U.S. and Canadian stores. There is no evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.
While the company continues to determine the full scope, scale and impact of the breach, there is no evidence that debit PIN numbers were compromised.
Home Depot’s investigation is focused on April forward, and the company says it has taken aggressive steps to address the malware and protect customer data. The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on. Customers who wish to take advantage of these services can learn more at homedepot.com or by calling 1-800-466-3337.
“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, chairman and CEO. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
The investigation began on Tuesday morning, Sept. 2, immediately after the company received reports from its banking partners and law enforcement that criminals may have hacked its payment data systems, according to the company.
Since then, the company’s internal IT security team has been working with IT security firms, its banking partners and the Secret Service to gather facts and provide information to customers.
Responding to the increasing threat of cyber-attacks on the retail industry, The Home Depot previously confirmed it will roll out EMV “Chip and PIN” to all U.S. stores by the end of this year, well in advance of the October 2015 deadline established by the payments industry.