A major US retailer may be unraveling the details of a major payment card data breach with the potential to be much larger than Target’s breach late last year.
According to Brian Krebs, author of the blog Krebs on Security, banks are seeing evidence Home Depot has been the victim of a breach of credit and debit cards, which have gone up for sale on underground websites. Nearly all of Home Depot’s 2,200 stores in the US look to have been affected.
“Several banks contacted by this reporter said they believe this breach may extend back to late April or early May 2014,” said Krebs, who was first to report the breach at Target during last year’s holiday shopping season. He added that if his bank sources are correct, Home Depot’s breach “could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period.”
Target had its point-of-sale systems hacked from November 27 to December 15, 2013. The breach exposed debit and credit card data of as many as 40 million customers, plus an additional 70 million records with other customer information.
In a statement Home Depot said it is looking into “some unusual activity that might indicate a possible payment data breach and we’re working with our banking partners and law enforcement to investigate.”
The home improvement retailer told consumers they will not be responsible for fraudulent charges and urged them to monitor accounts.
“We know that this news may be concerning and we apologize for the worry this can create,” Home Depot said. “If we confirm a breach has occurred, we will make sure our customers are notified immediately.”
Krebs said the hackers of Home Depot could be the same group of Russian and Ukrainian hackers tied to the Target breach as well as PF Chang’s and Sally Beauty.
ALSO READ: Massive Russian cyber breach suggests traditional passwords are ‘useless’ | Russian hacker charged in multiple credit card breaches