September 8, 2014 – The Home Depot today confirmed that its payment data systems have been breached, which could potentially impact customers using payment cards at its Canadian (and U.S.) stores.
“We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred,” said Frank Blake, chair and CEO. “It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
The company says there is no evidence the breach has impacted online Home Depot shoppers and, while it continues to determine the full scope, scale and impact of the breach, there is no evidence that debit PINs were compromised.
Home Depot’s investigation is focused on April forward, and the company says it has taken “aggressive steps” to address the malware and protect customer data. The retailer is offering free identity protection services—including credit monitoring—to any customer who used a payment card at a Home Depot store in 2014 from April onward.
The investigation began on the morning of September 2 after the company received reports from its banking partners and law enforcement that criminals may have hacked its payment data systems. Since then, the company says its internal IT security team has been working with other IT security firms, banking partners and the Secret Service to gather facts and provide information to customers.