The Home Depot (NYSE:HD) confirmed that its payment data systems have been breached, which could potentially impact customers using cards in its U.S. and Canadian stores. The retailer reports no evidence of the breach affecting customers who shopped in Mexico or online.
Reports of the possible breach surfaced one week ago when The Home Depot announced it had received reports from banking partners and law enforcement that criminals may have hacked payment data systems.
The company is still investigating the full scale and impact of the breach. There is no evidence yet that debit or PIN numbers were compromised.
The investigation is focusing on company data changes spanning back to April. The Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card in one of the brand's stores in 2014, from April on.
"We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue," said Frank Blake, chairman and CEO. "We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It's important to emphasize that no customers will be responsible for fraudulent charges to their accounts."
Responding to the increased threat of cyber attacks on the retail industry, The Home Depot previously confirmed it will roll out EMV, or chip-and-PIN, to all U.S. stores by the end of this year—in advance of the October 2015 deadline set by the payments industry.
The Home Depot announcement comes almost one year after Target announced that a data breach had compromised the credit card information of 40 million Target (NYSE: TGT) shoppers and the personal information of up to 70 million. The breach has cost Target $148 million to date.
-See this Home Depot press release
Backoff malware widespread, PCI Council issues call to action
How to prevent Target-like data breaches
Shoppers stop buying online after breaches
Supervalu reports data breach
Target and PF Chang's breaches 'the tip of the iceberg'