Home Depot Security Breach Captured Information From 56 Million Payment Cards

Home Depot announced Thursday that a security breach at its U.S. and Canadian stores over a six-month period may have put an estimated 56 million debit cards at risk, The Washington Post reported.

That would make it the largest compromise of payment cards in the string of cyberattacks that have rocked retailers over the past year. Target said the security breach that hit its stores during the 2013 holiday season may have breached as many as 40 million cards, but it was later revealed that the personal information of an additional 70 million consumers was also obtained.

The hack further highlighted how vulnerable U.S. retailers are to attacks that have been aimed at their payment systems. Home Depot also said for the first time that the software that made the breach of its payment terminals possible "has been eliminated from the company's systems."

Although the number of affected cards wasn't disclosed before, the breach already had seemingly become large enough to prompt big card-issuing banks to start replacing customers' debit and credit cards that were exposed in the attack. Capital One Financial Corp. said that it, too, was planning to reissue payment cards.

Each of the attacks came as a result of software that had been sneaked into the companies' networks and used to phish for personal information. Home Depot said that its investigation has determined the criminals used "unique, custom-built malware" that wasn't used in other attacks.

Home Depot estimated the investigation, call center staffing, credit card monitoring service and other steps would cost $62 million. About $27 million is expected to be reimbursed by its insurance.

The company posted $43.5 billion in sales revenue in the six months through Aug. 3. With the economy and housing market improving, Home Depot said it still expects its sales to grow by 4.8 percent this fiscal year, according to The Wall Street Journal.

Tags
Home Depot
Real Time Analytics