Home Depot said Thursday a data breach resulted in 56 million debit and credit cards being compromised in the U.S and Canada. The breach is the largest since Target’s holiday 2013 breach of 40 million cards and is suspected to have occurred between April and September. The bug that compromised the system has been eliminated, the company said in a press release.
The nation’s largest home improvement store also said the statement that customer’s pin numbers were not stolen and customers that shopped online or in Mexico have not been affected. They have since tightened their security systems with a major update to their networks.
Home Depot hasn’t listed the stores that have been affected by the breach but there’s evidence of a black market site is selling thousands of card numbers with expiration dates and identifying information such as names and addresses. The underground site is the same that contained card data from the Target data breach. Data thieves use the cards to make online purchases mainly for electronics and gift cards.
As of Thursday, the site reported that 100% of the cards found on the site were still active and not cancelled. “When they’re 100% valid, that’s an indicator that the merchant hasn’t fixed the problem yet,” said Brian Krebs, a cybersecurity reporter. “It’s a live breach.”
Home Depot reminded customers to closely monitor their bank statements and credit card reports for suspicious activity. Customers are not responsible for any fraudulent charges. As a means of educating and protecting consumers the company offered free identity protection services, including credit monitoring, to anyone who shopped in their stores from April through October.tw