In comments that will alarm many who have shopped with the Atlanta-based firm, online security specialist Brian Krebs suggested the breach could be “many times larger” than the one which saw data from 40 million credit cards stolen from Target last year.
It’s not clear if the same hackers are behind the attacks, as the malware used was slightly different in each case. Both versions are thought to be variants of the malicious ‘BlackPOS’ software developed by a 17-year-old Russian man, who reportedly sold his creation to cybercriminals.
The software works to collect data from in-store point-of-sale systems when a credit or debit card is swiped through the reader.
In a release issued by Home Depot on Monday, the company said anyone who used a payment card at one of its brick-and-mortar stores from April onwards is likely to be affected by the breach.
Related: Target CEO resigns following massive data breach
In addition, Home Depot said its continuing investigation suggests that online shoppers are not affected, and no PIN numbers have been taken. The company didn’t reveal how many customers have been affected, saying it’s still working to assess the precise scale of the breach.
Home Depot CEO Frank Blake apologized to customers for the “frustration and anxiety” the incident was causing, adding, “It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
Like UPS, which last month confirmed it had also been hit by similar malware, Home Depot says it’s offering affected customers free identity protection services, including credit monitoring.
Customers who who think they may be victims of the Home Depot hack should visit here for more information or call 1-800-HOMEDEPOT (800-466-3337) at the earliest opportunity.
In response to rising cyber crime, Home Depot, along with many other businesses, is working to introduce chip-and-pin technology, which adds another layer of security for credit card users.
Home Depot’s breach is unlikely to be the last we hear about in connection with the point-of-sale malware – the Department of Homeland Security recently revealed that as many as 1,000 US companies and organizations could have the software on their computer systems without realizing, and warned all businesses using point-of-sale systems to run checks. Much of the stolen data is believed to end up for sale on the black market and could ultimately be used for identity theft.
