Data Breaches

Home Depot Confirms Breach

Written by Jamie White for Symantec
Home Depot confirmed Monday that its payment systems in its U.S. and Canadian stores were hacked, dating back to April. The statement on the home improvement giant's website did not say whether the breach has ended. 
 
It reads that the breach could "potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward. We do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com."
 
The store is offering free identity protection services to any customer who has shopped at a Home Depot store in 2014, from April on.
 
Journalist Brian Krebs — the same person who broke the news of the Target breach last December — notes on his website KrebsonSecurity that the credit and debit card breach at Home Depot — was aided in part by a new variant of the malicious software program that stole card account data from cash registers at Target last December. The Target breach exposed 40 million customers' data.
 
On Sept. 2, Krebs broke the story that Home Depot was working with law enforcement to investigate “unusual activity” after multiple banks said they’d traced a pattern of card fraud back to debit and credit cards that had all been used at Home Depot locations since May of this year.
 
Krebs reported Monday that while Home Depot was quick to assure customers and banks that no debit card PIN data was compromised, multiple financial institutions he contacted "are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts."
 
It is important to closely monitor your payment card accounts and report unusual activity to your issuing bank, Home Depot notes.
 
And for now, it seems wise to pay with cash if you shop at a Home Depot store until the retailer confirms that its payments systems are no longer being breached.
 
 
 

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Start your protection,
enroll in minutes.