Home Depot Credit Cards May Have Been Hacked

By Sarah Price - 04 Sep '14 01:55AM

Home Depot, the famous American construction and building material retailer, may have fallen victim to a massive credit card breach.

Security analysts say that credit and debit card data that went on sale on a criminal website Tuesday could have come from Home Depot's systems. Journalist Brian Krebbs broke news of the breach writing on his blog that the data breach may have started in mid March or April.

According to USA Today, the data is being sold from the same under-radar store that sold financial information of Target and P.F. Chang's. The for-sale data was apparently labeled "American Sanctions."

The Atlanta-based retail chain told the Associated Press that it was looking into some "unusual activity" in its systems and was working with their bank partners and law enforcement officials to investigate the matter.

"Protecting our customers' information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," Paula Drake, a spokeswoman for Home Depot, told Yahoo News declining to comment further.

However, the breach hasn't been confirmed.

"We know that this news may be concerning and we apologize for the worry this can create. If we confirm a breach has occurred, we will make sure our customers are notified immediately," the company said in a statement on its website.

"If we confirm a breach, we will offer free identity protection services, including credit monitoring, to any potentially impacted customers," it added.

If confirmed, the breach will overshadow the Target credit card breach that exposed about 40 million accounts and compromised personal information of about 70 million people.

Goodwill Stores also announced Tuesday that credit and debit card information of several customers had been stolen from 300 stores across 19 states in the U.S. from Feb 2013 to August 2014.

The Department of Homeland Services says that the breach is a result of a malicious software called "Blackoff," which has affected more than 1,000 businesses in the country. The software was not recognized by any anti-virus until last month.

Experts say it is of utmost importance that they remove the magnetic strip that helps transfer data from the cards and introduce a computer chip and PIN number method to prevent such breaches. Also, banks and credit card companies need to tighten security standards.