Home Depot said Thursday a recent cyber attack on its computer network affected a colossal 56 million customer payment cards. The breach, which was first reported by the company 10 days ago, is believed to be the biggest ever hack of a retail firm’s computer systems.
In the attack, cybercriminals used malware to collect customer information from in-store point-of-sale systems where credit and debit cards are swiped through readers. Data was harvested from Home Depot’s brick-and-mortar stores in the US and Canada from April this year until the beginning of September.
The malware has since been eliminated from Home Depot’s computer systems, the company said in a statement put out Thursday.
The retail giant said its ongoing investigation has so far revealed that the hackers used unique, custom-built malware which, according to Home Depot’s security partners, has not been seen previously in other similar breaches.
It added that there is no evidence that payment card PIN numbers were compromised or that the breach has affected its Mexico stores. Customers who shopped online at HomeDepot.com or HomeDepot.ca between April and September are also unaffected by the breach, the DIY chain said.
The company is offering affected customers free identity protection services, including credit monitoring. Anyone who believes they may have been caught up in the security breach is advised to visit this webpage for more information or call 1-800-HOMEDEPOT (800-466-3337) as soon as possible.
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” Home Depot CEO Frank Blake said, adding, “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”
The Home Depot breach is even bigger than the one that hit Target last year involving 40 million credit and debit cards.
In a bid to tackle rising cyber crime, businesses such as Home Depot are working to introduce chip-and-pin technology, which adds another layer of security for users of payment cards.
Further reports of similar point-of-sale malware attacks could be on the way. The Department of Homeland Security said recently that up to a thousand US companies and organizations could have malware on their computer systems without even knowing it, and urged all businesses that use point-of-sale systems to run checks.