Home Depot Confirms Massive Data Breach

(The Atlanta Journal-Constitution/MCT)

The Home Depot has confirmed that its payment systems were breached by data thieves, potentially victimizing many customers throughout the United States and Canada.

However, the company promised Monday that no one will have to pay for “fraudulent” charges.

Officials of the Atlanta-based giant would not estimate how many customer accounts might have been subject to the data attack. And while the investigation reaches back as far as April, the company did not say how long cybercriminals had access to Home Depot systems.

A cybersecurity expert reported earlier Monday that the Home Depot data breach had been carried out with the same “malware” used previously by cyberthieves to pilfer consumer data from Target.

At least some of Home Depot’s store registers were infected with a variation of something called BlackPOS or Kaptoxa, software designed to steal data from credit and debit cards when they are swiped through register systems running Microsoft Windows, according to Brian Krebs, who writes about data security.

That similarity of software “adds another indicator that those responsible for the as-yet unconfirmed breach at Home Depot also were involved in the December 2013 attack on Target that exposed 40 million customer debit and credit card accounts,” Krebs wrote on his website.

BlackPOS was found on Target’s systems last year.

Krebs wrote Monday that the new information came from sources close to the investigation of the Home Depot data breach.