Home Depot said that 56 million debit and credit cards are estimated to have been breached in a data theft between April and September at its stores in the U.S. and Canada.
Home Depot also confirmed that the malware used in the data breach has been eliminated. It said there was no evidence that debit PIN numbers were compromised or that the breach affected stores in Mexico or customers who shopped online at Homedepot.com. It said it has also completed a "major" payment security project that provides enhanced encryption of customers' payment data in the company's U.S. stores.
We apologize to our cusotmers for the inconvenience and anxiety this caused and assure them that they will not be liable, for fraudulent charges," said Frank Blake, chairman and CEO in a statement. "From the time this investigation began, our guiding principal has been to put our customers first, and we will continue to do so."
The breach at Home Depot was first reported on September 2 by Brian Krebs of Krebs on Security. The next day Home Depot said that it had hired security firms Symantec and FishNet Security to help it investigate the possible hacking.