The Home Depot (NYSE:HD) announced that the data breach of its U.S. and Canadian stores affected 56 million debit and credit cards.
The announcement of a suspected breach came a few weeks ago when Home Depot said it had received reports from banking partners and law enforcement that criminals may have hacked payment data systems. Soon after, the breach was confirmed and the retailer began offering free identity protection services, including credit monitoring, to any customer who used a payment card in one of the brand's stores in 2014, from April on.
The large amount of affected consumers surpasses the number of those hit by the 2013 malware attack on Target (NYSE:TGT) customers, which infiltrated 40 million credit and debit cards. The breach clocks in as the second-largest data breach to date, behind the one that affected TJX Companies, in which 90 million records were disclosed in 2007, reported the Associated Press.
The malware targeted Home Depot between April and September of 2014 and has now been eliminated. The retailer reported no evidence that debit PIN numbers were compromised or that the breach affected stores in Mexico or on HomeDepot.com. The company also said it completed a major payment security project that will provide enhanced encryption of customers' payment data in all U.S. stores.
The ultimate financial cost of the breach is still unknown, although estimates suggest several hundred million dollars. Thus far, the Target breach has cost the retailer $148 million.
"This is a massive breach, and a lot of people are affected," John Kindervag, VP and principal analyst at Forrester Research, told the Associated Press. "Home Depot is very lucky that Target happened because there is this numbness factor."
Thus far, Home Depot's sales have not been hit nearly as hard as Target's were post-breach. Analysts believe this is because the home improvement sector does not have as many competitors to choose from. Plus, almost 40 percent of Home Depot's sales come from professional and contractor services that tend to be fiercely loyal, shopping several times a week for supplies.
-See this Associated Press article
Backoff malware widespread, PCI Council issues call to action
How to prevent Target-like data breaches
Shoppers stop buying online after breaches
Supervalu reports data breach
Target and PF Chang's breaches 'the tip of the iceberg'