Home Depot confirms payment system attack

The home improvement retailer with more than $78 billion in sales said there's no evidence that debit card PINs have been compromised. The attack rhymes with what Target experienced.
Written by Larry Dignan, Contributor

Home Depot on Monday confirmed that its payment systems were breached in an attack that rhymes with what Target experienced.

Threat filtering: Strategizing serious threat detection 

Cybersecurity hiring crisis: Rockstars, anger and the billion dollar problem

Cybersecurity's hiring crisis: A troubling trajectory

The company said in a statement that it has enough information to confirm the attack, but also added that "there is no evidence that debit PIN numbers were compromised."

Reports about Home Depot's potential breach have swirled for days. Home Depot said that it "continues to determine the full scope, scale and impact of the breach."

That impact could affect customers using payment cards in the U.S. and Canada. Customers online and in Mexico don't appear to be hit.

Home Depot said its investigation revealed that the attack started in April. Since then, Home Depot has "taken aggressive steps to address the malware and protect customer data" and will offer credit monitoring services to any shopper using a payment card from April.

The retailer said it started its investigation Sept. 2 after reports from banks and law enforcement.

Meanwhile, Home Depot said that it will implement EMV technology to all stores by the end of 2014, ahead of the Oct. 2015 deadline.

Since late 2013, data breaches at retailers have become all too common. Albertson's, Target, Michaels, Neiman Marcus, Sally Beauty, P.F. Chang's and SuperValu have all experienced significant breaches. 


Editorial standards