In what could turn out to be another huge data breach, Home Depot on Tuesday confirmed that it is investigating a potential compromise of credit card and debit card data belonging to an unspecified number of customers.
Security blogger Brian Krebs, who first reported the breach, today estimated that it could end up being potentially even larger than the one at Target, which compromised data on more than 40 million payment cards.
Several banks have reported that the intrusion at Home Depot occurred in late April or early May and remained undetected until recently, Krebs noted. Indications are that all 2,200 Home Depot stores in the U.S. may be affected.
"If that is accurate -- and if even a majority of Home Depot stores were compromised -- this breach could be many times larger than Target," Krebs wrote.
Paula Drake, a Home Depot spokeswoman, said the company is investigating reports of a potential breach of its networks but provided few details on what might have happened.
"At this point, I can confirm that we're looking into some unusual activity and we are working with our banking partners and law enforcement to investigate," Drake said in an emailed statement. "Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately."
Without further information, it would be inappropriate for the company to speculate on what might have happened, Drake added. "We will provide further information as soon as possible."
The Home Depot incident is the latest in a string of data thefts disclosed by U.S. businesses in recent days.
The breach disclosures come amid escalating concerns within the U.S. payment industry about hackers using malware dubbed Backoff to steal data from point-of-sale (PoS) system networks. The hackers behind the breaches at Target, P.F. Chang's and Neiman Marcus are believed to have used Backoff to steal data from each company's PoS systems.
The U.S. Department of Homeland Security and the U.S. Secret Service have issued two alerts warning retailers about Backoff and noting that the malware has infected at least 1,000 U.S. businesses. In most cases, hackers were able to deposit the malware on PoS networks after first gaining access to them via remote access applications, the two agencies warned.
The Payment Card Industry Security Standards Council, which oversees the PCI security standard, issued an urgent bulletin in late August urging retailers to review security controls and take additional protective measures, such as end-to-end encryption, to protect against the malware.