Home Depot has just confirmed what was previously rumored, that its recently announced credit card data breach may be of bigger proportions than the attack suffered by Target late last year. Reuters reports that the retail chain announced that 56 million payment cards were compromised in the attack that lasted for a few months, much longer than the Target heist – the same hacker group is believed to be behind both attacks, and many similar others targeting payment terminals in U.S. stores.
The Target heist was smaller when it comes to credit and debit cards obtained by hackers – over 40 million – but attackers also managed to grab other personal data for customers, affecting up to 70 million customers.
The Home Depot attack will cost the company at least $62 million – on such things as ”credit monitoring, increased call center staffing, and legal and professional services” – although the final fee could be much higher. Target spent $148 million in its second fiscal quarter, following the Black Friday 2013 hack.
Home Depot assured customers that it’ll also handle any fraudulent charges to their payment cards following the data massive data breach, and said it has not yet estimated how much it’ll cost to reimburse banks for any fraudulent charges, and credit and debit card replacements.
Home Depot also said that the malware used to steal personal data has been eliminated from its network, and the security hole used to attack its terminals closed off. The company revealed that hackers used unique, custom-built software that hasn’t been used before in attacks, being able to evade detection for a long period of time.
Several other U.S. retailers may be the subject of similar cyberattacks, a recent report from U.S. law enforcement agencies revealed, with many targets not even knowing their systems were breached.