Home Depot says it’s offering free identity-protection services, including credit monitoring, to those customers who might be potentially hurt by a possible data breach at the home-improvement chain.
It also urged that customers closely monitor their accounts and reach out to their card issuers if they notice any suspicious activity.
The statements, issued late Wednesday, came a day after Home Depot, based in Atlanta, said that it’s working with both banks and law enforcement to investigate “unusual activity” that would point to a hack.
The possible data breach at Home Depot was first reported by Brian Krebs of Krebs on Security, a website that focuses on cybersecurity. Krebs said multiple banks reported “evidence that Home Depot stores may be the source of a massive new batch of stolen credit and debit cards” that went on sale on the black market earlier Tuesday.
“Our forensics and security teams have been working around the clock since we first became aware of a potential breach Tuesday morning,” said Paula Drake, a Home Depot spokeswoman, in a statement. She added that Home Depot is working with leading security firms Symantec and FishNet Security.
Home Depot emphasized that in the event of a breach, customers will not be responsible for any possible fraudulent charges. It said that the financial institution that issued the card or Home Depot are responsible for the charges.
Hackers have broken security walls for many retailers in recent months, including Target, grocery-store chain Supervalu, P.F. Chang’s and the thrift-store operations of Goodwill. The rash of breaches has rattled shoppers’ confidence in the security of their personal data and pushed retailers, banks and card companies to increase security by speeding the adoption of microchips into U.S. credit and debit cards.
Krebs reported that it’s not clear how many stores were affected but preliminary analysis indicates the breach may have affected all 2,200 Home Depot stores in the U.S. Several banks that were contacted by Krebs said they believe the breach may have started in late April or early May.
“If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period,” said the Krebs post.
Krebs said that the party responsible for the breach may be the same group of Russian and Ukrainian hackers suspected in the Target breach late last year. Krebs also broke the news of Target’s breach.
Target Corp., based in Minneapolis, is still trying to get beyond its massive breach that occurred late last year and hurt sales, profits and its reputation with customers. It has been overhauling its security department and systems and is accelerating its $100 million plan to roll out chip-based credit-card technology in all of its nearly 1,800 stores.