Home Depot finally confirmed that its payments system were breached. The US retail chain working with law enforcement over compromise of payment terminals across stores in the country.
Chief executive of the hacked firm Frank Blake admitted the breach in a statement issued on the company website.
The retailer said the exact number of customers affected was still not clear. But a person briefed on the investigation said the total number of credit card numbers stolen at Home Depot could top 60 million. By comparison, the breach last year at Target, the largest known attack to date, affected 40 million cardholders.
The breach may have affected any customer at Home Depot stores in the United States and Canada from April to early last week, said Paula Drake, a company spokeswoman. Customers at Home Depot’s Mexico stores were not affected, nor were online shoppers at HomeDepot.com. Personal identification numbers for debit cards were not taken, she said.
“We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred,” Blake said.
“We apologise for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue”.
The statement says there is no evidence that debit card PINs were compromised and that the investigation was “focused on April forward”.
According to Kreb, Home Depot may have been breached by the same gang behind the Target breach, using a variant of the BlackPOS malware.
BlackPOS is just one of many PoS malware families; Backoff is the latest and likely most notorious. The Secret Service recently issued an advisory warning of Backoff, and reported that more than 1,000 businesses had likely been compromised.