Home Depot confirmed on Monday that its payment systems were breached, potentially affecting American and Canadian customers who visited the stores since April and used a payment card.
It is not yet known how many consumers were affected by the breach and to what extent their credit and debit card information has been compromised. The breach does not appear to include online customers, the company said.
“While the company continues to determine the full scope, scale and impact of the breach, there is no evidence that debit PIN numbers were compromised,” the company said in a statement.
Home Depot initially revealed last Tuesday that it was investigating the possibility of a breach after the banking and law enforcement communities alerted them to a potential hack.
“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, Home Depot’s chief executive, in a statement. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
Home Depot has committed to providing free identity protection services to any customer who used a card at its stores since April.
The hack at Home Depot follows a rash of cyber breaches at other prominent retailers, including Neiman Marcus, P.F. Chang’s and Sally Beauty. A recent holiday-season breach at Target affected some 70 million customers and has so far cost the company $146 million.
If a breach did indeed begin in April, it is possible that it overlapped with the retailer’s busy spring shopping season. Home Depot said on an August conference call with investors that it had seen a “record number of customer transactions” in its second quarter.
Home Depot is one of the world’s largest retailers and has more than 2,000 stores in the U.S., Canada and Mexico.
To help protect against cyberattacks, many major retailers are undertaking an expensive overhaul of their point-of-sale systems to make them compatible with a type of credit card known as “chip and pin.” In the U.S., consumers tend to use cards with a magnetic strip, a variety that experts say is less secure than the chip and pin style that is common in Europe. With magnetic strip cards, there is a brief moment where data is transmitted unencrypted to a credit card processor, something which does not happen with chip and pin cards.
Before the breach investigation, Home Depot had already committed to adding chip and pin technology to its stores by the end of 2014.