Home improvement retailer The Home Depot may be the latest target of the massive Russia-based hacker ring hitting US businesses.
As first reported on the website of cybersecurity journalist Brian Krebs, a new batch of stolen credit and debit cards hit the cybercrime underground on Tuesday, and multiple banks confirmed that The Home Depot stores may be the source.
Paula Drake, a spokesperson for the retail chain, confirmed that the company is actively investigating the possible breach with its banking partners and law enforcement:
"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," Drake told Krebs in a prepared statement. "If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible."
Even without official confirmation of the breach, there is speculation that it could be many times larger than the one that hit Target last year, as The Home Depot has some 2,200 stores in the US and nearly 300 in other countries, and early analysis suggests all of the stores were affected.
Since late 2013, data breaches at US businesses have become all too common. Albertson's, Target, Michaels, Neiman Marcus, Sally Beauty, P.F. Chang's and SuperValu have all experienced significant breaches believed to stem from a group of Russian and Ukranian hackers.
Most recently, the group is said to have stolen more than 1.2 billion Internet credentials — including usernames and passwords — with more than 500 million email addresses. In that case, however, most of the IDs exploited were used for sending spam on social networks, rather than illegal spending and selling on the black market.