The Home Depot has confirmed it suffered a data breach of its payment systems but has no evidence debit PIN numbers were stolen.
In a statement issued late September 8, the home-improvement retailer gave no indication of how many customers could be affected.
The store said it “continues to determine the full scope, scale and impact of the breach,” and that its investigation focused from April to the present.
“We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts,” said CEO Frank Blake, in a statement. He apologized for the frustration and anxiety the breach could cause customers.
Brian Krebs, author of the cybersecurity blog Krebs on Security, was first to report of the Home Depot data breach after banks told him they were seeing new batches of stolen payment cards being sold on underground websites. Krebs, who was first to uncover the Target cyber breach, looked into the cards being sold online and concluded that nearly all of Home Depot’s 2,200 US stores are involved in the breach.
Some have speculated the Home Depot breach could eclipse the affected counted of Target’s data breach discovered late last year. The malware on Target’s point-of-sale systems exposed debit and credit card data of as many as 40 million customers. Later the third largest retailer revealed that an additional 70 million records with other customer personal identifiable information was exposed by the breach.
ALSO READ: Home Depot the largest retail breach ever?: A look at the numbers
Home Depot said its investigation began September 2 immediately after it got reports of a possible breach, and the store’s internal IT team has been working with other IT security firms, banking partners and the US Secret Service.
The retailer said its previously announced plans to roll out chip-and-PIN payment cards to all US stores is ahead of schedule–in advance of the October 2015 deadline established by the payments industry.