The Home Depot has issued a press release and a letter to customers that confirms its payment data systems have been breached, and that it could potentially impact customers using payment cards at its U.S. and Canadian stores.
While Home Depot continues to determine the full scope, scale and impact of the breach, the company said there is no evidence that debit PIN numbers were compromised.
On Sept. 2, Home Depot confirmed a Krebs on Security report that its stores may be the source of a massive credit and debit card security breach. Home Depot says there is no evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.
“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, chairman and CEO, said in a statement. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
Home Depot said in the press release that its investigation began on Sept. 2, immediately after the company received reports from its banking partners and law enforcement that criminals may have hacked its payment data systems. Since then, Home Depot says its internal IT security team has been working around the clock with leading IT security firms, its banking partners and the Secret Service to rapidly gather facts and provide information to customers.
Responding to the increasing threat of cyber attacks on the retail industry, Home Depot previously confirmed it will roll out EMV Chip and PIN technology to all U.S. stores by the end of this year, well in advance of the October 2015 deadline established by the payments industry.