The Home Depot investigates possibility of massive data breach

Summary:Reports are out that a new batch of stolen credit and debit cards hit the cybercrime underground on Tuesday, with multiple banks confirming that The Home Depot stores may be the source.

Screen Shot 2014-09-02 at 2.57.30 PM
Credit: The Home Depot

Home improvement retailer The Home Depot may be the latest target of the massive Russia-based hacker ring hitting US businesses.

As first reported on the website of cybersecurity journalist Brian Krebs, a new batch of stolen credit and debit cards hit the cybercrime underground on Tuesday, and multiple banks confirmed that The Home Depot stores may be the source.

Paula Drake, a spokesperson for the retail chain, confirmed that the company is actively investigating the possible breach with its banking partners and law enforcement:

"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," Drake told Krebs in a prepared statement. "If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible."

Even without official confirmation of the breach, there is speculation that it could be many times larger than the one that hit Target last year , as The Home Depot has some 2,200 stores in the US and nearly 300 in other countries, and early analysis suggests all of the stores were affected.

Since late 2013, data breaches at US businesses have become all too common. Albertson's, Target, Michaels, Neiman Marcus , Sally Beauty, P.F. Chang's and SuperValu have all experienced significant breaches believed to stem from a group of Russian and Ukranian hackers. 

Most recently, the group is said to have stolen more than 1.2 billion Internet credentials — including usernames and passwords — with more than 500 million email addresses. In that case, however, most of the IDs exploited were used for sending spam on social networks, rather than illegal spending and selling on the black market.

Topics: Security


Natalie Gagliordi is a staff writer for CBS Interactive based in Louisville, Kentucky, covering business technology for ZDNet. She previously worked as the editor of Kiosk Marketplace, an online B2B trade publication that focused on interactive self-service technology, while also contributing to additional websites that covered retail tec... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.