Almost all U.S. Home Depot stores may have been hit by breach: new data
By Nandita Bose
CHICAGO (Reuters) - Customer data could have been stolen from nearly all of Home Depot Inc's HD.N stores in the United States, according to new information released on Wednesday by security website KrebsonSecurity.
Brian Krebs, who runs the website, had said on Tuesday that the problem could affect all of Home Depot's 2,200 stores in the United States. On Wednesday, he said he found new evidence that the breach first surfaced on the website Rescator, where customer credit cards were listed according to store ZIP code. These codes showed a 99.4 percent overlap with Home Depot stores, he said.
In all, there were 1,939 codes corresponding to Home Depot store locations, Krebs' website said. It is not yet clear how many customers were impacted.
Home Depot has not confirmed that a breach occurred. Company spokeswoman Paula Drake said the retailer is working with leading IT security firms, including Symantec Corp (SYMC.O: Quote) and FishNet Security, to investigate whether there has been a data breach.
"Our forensics and security teams have been working around the clock since we first became aware of a potential breach Tuesday morning," she said.
The retailer sought to reassure customers on Wednesday that they will not be held responsible for any possible fraudulent charges. It also asked them to closely monitor their accounts and said it will offer free identity-protection services, including credit monitoring, to any customers who may have been affected.
Home Depot could be the latest in a string of retailers to have been hit by security breaches in the recent past. If confirmed, the Home Depot breach could be among the worst.
U.S. retailers have been slow to adopt chip-reading technology on their terminals as most Americans do not carry chip-enabled cards. Continued...