Home Depot data hack could be biggest ever
Published: 9 September 2014
US home improvement giant The Home Depot has confirmed that its payment systems have been hacked - a data breach that is on target to be the biggest ever experienced.
The Home Depot is the largest home improvement retailer in the world, with 2,266 stores across the US, and more in Canada, Mexico and elsewhere, delivering total sales of $78.8bn.
The breach could potentially hit customers using payment cards at The Home Depot's US and Canadian stores, but there is no evidence that it has affected stores in Mexico or customers who shopped online. However, the company says it is still trying to determine the full scope, scale and impact of the breach.
An investigation began last Tuesday immediately after the company received reports from its banking partners and law enforcement that criminals may have hacked its payment data systems.
Since then, The Home Depot's internal IT security team has been working around the clock with IT security firms, the company's banks and the Secret Service. The investigation is working back to April.
Card information stolen from Home Depot customers is now reportedly being sold on to criminals. They can use these details to find the social security number and date of birth of cardholders, and then go on to call automated bank systems and change the PIN on cards.
Banks have reported a steep rise in fraudulent ATM withdrawals since the hack came to light.
In a statement, The Home Depot chairman and ceo Frank Blake said: "We apologise for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue.
"We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasise that no customers will be responsible for fraudulent charges to their accounts."
The Home Depot and many other US retailers remain vulnerable to credit card hacks because they still use payment terminals that scan cards, giving malicious software an opportunity to copy the data.
In its statement, the retailer restated its intention to roll out chip and pin to all US stores by the end of this year.