“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Home Depot spokeswoman Paula Drake told Krebs on Security. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
Apparently, credit card data stolen from Home Depot payment terminals has already been offered for sale on black forums, where unnamed U.S. banks have purchased their customers cards.
The publication says that there is evidence suggesting the same hackers behind the Target, Sally Beauty and P.F. Chang’s – believed to be based in Russia and Ukraine – may be also responsible for the attacks on Home Depot, and that the move might be related to the current Ukraine crisis.
Preliminary analysis indicates that the data breach may have affected all the 2,200 Home Depot stores in the U.S.
According to several banks, the Home Depot breach may extend back to April or May 2014. “If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period,” Krebs on Security wrote.
An earlier report revealed that as many as 1,000 U.S. retailers may have been suffered similar data breaches, with many of them potentially unaware of the situation.