Home Depot probes possible customer data theft
Home-improvement retailer confirms it is investigating "unusual activity" related to customer data but does not confirm a breach occurred.
Home Depot said Tuesday it is investigating "unusual activity" related to customer data but stopped short of confirming it had fallen victim to a major credit card breach.
The Atlanta-based home-improvement retailer announced it was working with law enforcement officials after security reporter Brian Krebs reported that "multiple banks" had seen evidence that Home Depot may be the source of a large cache of stolen customer credit and debit cards put up for sale on black markets.
"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," Paula Drake, a spokeswoman, said in a statement sent to the media. "If we confirm that a breach has occurred, we will make sure customers are notified immediately."
CNET has contacted Home Depot for more information and will update this report when we learn more.
The breach may have begun in late April and extend to all 2,200 Home Depot stores in the US, Krebs wrote on Krebs on Security. The batch of stolen cards offered for sale was labeled "American Santions," Krebs reported, suggesting that a group of Russian and Ukrainian hackers linked to other high-profile customer data breaches was responsible.
"If that is accurate -- and if even a majority of Home Depot stores were compromised -- this breach could be many times larger than Target," Krebs wrote.
The hack of retail giant Target, in which hackers obtained credit card data and personal information for more than 110 million customers who shopped in its stores late last year, came at the beginning of an apparent uptick in security breaches at retail locations.
Over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, and restaurant chain P.F. Chang's revealed they were victims of security breaches aimed at stealing customers' credit card information.