Home Depot breach bigger than Target at 56 million cards
By Jim Finkle and Nandita Bose
BOSTON/CHICAGO (Reuters) - Home Depot Inc (HD.N: Quote) Thursday said some 56 million payment cards were likely compromised in a cyberattack at its stores, suggesting the hacking attack at the home improvement chain was larger than last year's unprecedented breach at Target Corp (TGT.N: Quote).
Home Depot, in providing the first clues to how much the breach would cost, said that so far it has estimated costs of $62 million. But it indicated that costs could reach much higher.
It will take months to determine the full scope of the fraud, which affected Home Depot stores in both the United States and Canada and ran from April to September.
Retailer Target incurred costs of $148 million in its second fiscal quarter related to its breach. Target hackers stole at least 40 million payment card numbers and 70 million other pieces of customer data.
Home Depot said that criminals used unique, custom-built software that had not been seen in previous attacks and was designed to evade detection in its most complete account of what had happened since it first disclosed the breach on Sept. 8.
The company said that the hackers’ method of entry has been closed off, the malware eliminated from its network, and that it had rolled out "enhanced encryption of payment data" to all U.S. stores.
"We apologize to our customers for the inconvenience and anxiety this has caused and want to reassure them that they will not be liable for fraudulent charges," Chief Executive Frank Blake said in a statement.
Of the estimated cost so far of $62 million, which covers such items as credit monitoring, increased call center staffing, and legal and professional services, Home Depot said it believes that $27 million of the amount will be paid for by insurers. Continued...