Home Depot already confirmed a few days ago it has been the victim of an elaborate cyber attack, without providing specific details about the number of users that may have been affected in this new credit and debit card data heist. The company on Monday again confirmed that hackers managed to get in its in-store payment systems, The New York Times reports, and the new attack may be even bigger than the similar breach that occurred in late 2013 at Target.
According to a person close to the investigation, more than 60 million credit card numbers may have been stolen from Home Depot’s payment system. Comparatively, hackers stole data for over 40 million cards from Target’s system following a three-week attack during the busy Black Friday shopping season.
However, the breach at Home Depot went undetected for a much longer period of time – from April to early last week – affecting all customers that have shopped in a retail store in the U.S. or Canada (more than 2,250 locations, 400 more than affected Target stores) and paid with a debit or credit card.
HomeDepot.com has not been hacked, and PINs for debit cards have not been stolen, a Home Depot spokesperson revealed.
It’s still not clear who performed the data heist, but it’s believed the same group that attacked Target and other retail chains earlier this year may be responsible for the Home Depot breach as well. Apparently, the group is based in Eastern Europe, and the attacks might be related to the Ukraine crisis.
Meanwhile, Home Depot will offer free identity protection and credit monitoring services to any customer that had used a credit or debit card at one of its affected stores.
A recent report from the Department of Homeland Security and the Secret Service has revealed that as many as 1,000 retail companies may have been affected by similar hacks, with many of them not even aware that customer data has been stolen.