US home improvement giant The Home Depot says the malware used in the recent breach of its payment systems has been eliminated from its US and Canadian networks.
The cyber-attack on the world's largest home improvement retailer is estimated to have put the payment card information for some 56m cards at risk, and could be the largest experienced anywhere.

The investigation into a possible breach began on September 2 after The Home Depot received reports from its banks and law enforcement that its systems may have been hacked into. However, the malware is thought to have been present between April and September this year.

Since the breach came to light internal and external IT security experts have been working with the banks and the Secret Service to resolve the problem, establishing that the hackers used unique, custom-built malware that had not been seen in other attacks, in order to evade detection.

The hackers' method of entry has now been closed off and the malware eliminated. The Home Depot says there is no evidence that debit PIN numbers were compromised.

The retailer has now completed a major payment security project that provides enhanced encryption of payment data at point of sale in the company's US stores. This involved writing tens of thousands of lines of new software code and deploying nearly 85,000 new pin pads to stores.

Roll-out of enhanced encryption to Canadian stores will be complete by early next year. Unlike the retailer's US stores, those in Canada are already enabled with chip-and-pin technology.