Home Depot confirmed Monday that its payment systems in its U.S. and Canadian stores were hacked, dating back to April. The statement on the home improvement giant's website did not say whether the breach has ended.
It reads that the breach could "potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward. We do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com."
The store is offering free identity protection services to any customer who has shopped at a Home Depot store in 2014, from April on.
Journalist Brian Krebs — the same person who broke the news of the Target breach last December — notes on his website KrebsonSecurity that the credit and debit card breach at Home Depot — was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December. The Target breach exposed 40 million customers' data.
On Sept. 2, Krebs broke the story that Home Depot was working with law enforcement to investigate “unusual activity” after multiple banks said they’d traced a pattern of card fraud back to debit and credit cards that had all been used at Home Depot locations since May of this year.
Krebs reported Monday that while Home Depot was quick to assure customers and banks that no debit card PIN data was compromised, multiple financial institutions he contacted "are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts."
It is important to closely monitor your payment card accounts and report unusual activity to your issuing bank, Home Depot notes.
And for now, it seems wise to pay with cash if you shop at a Home Depot store until the retailer confirms that its payments systems are no longer being breached.