(Adds detail on card security breaches, byline)
By David Henry
NEW YORK, Sept 17 (Reuters) - JPMorgan Chase & Co is replacing some credit and debit cards following the security breach at Home Depot Inc, a company spokesman said.
The company began sending notices on Tuesday to some card holders, advising them that they will soon receive new cards because the breach put them “at risk.”
One of the notices said the company would mail a new card on Sept. 30. The existing card can be used in the meantime, but the notice advised monitoring the account for unrecognized purchases.
JPMorgan spokesman Paul Hartwick could not immediately say how many cards are likely to be replaced.
Home Depot disclosed on Sept. 8 that its payment security systems had been breached. The company is investigating how much account data might have been taken as customers paid for purchases in the United States and Canada from April through August.
The spokesman could not immediately say why the bank moved now to replace the cards or discuss how it balanced the goals of thwarting fraud and minimizing inconvenience to customers.
After card data was taken from Target Corp stores in December, JPMorgan quickly canceled some debit cards that were threatened and asked customers to go to branches for replacements.
JPMorgan is the biggest U.S. bank by assets and one of the biggest card issuers. It issues cards under its Chase brand and under co-branding relationships with some airlines and hotel chains, such as United, Southwest and Marriott.
The notice to card holders said customers will not be liable for unauthorized transactions that they report promptly to the company. The company said it would continue to monitor accounts to help identify unusual activity.
After confirming the breach, Home Depot promised free identity-protection services, including credit monitoring, to any potentially affected customers.
The retailer had said earlier it will roll out PIN- and chip-enabled cards at all its U.S. stores by the end of the year to prevent card fraud.
Brian Krebs, who runs the security website KrebsOnSecurity and first reported the Home Depot breach, said earlier this month that it could be larger than the attack on Target in which hackers stole at least 40 million payment card numbers and 70 million other pieces of customer data during that retailer’s busiest season.
Target has spent $146 million to resolve data breach-related issues since the fourth quarter of 2013. Most of the expenses were for settling actual and potential breach-related claims, mainly by payment card networks.
The largest known breach at a U.S. retailer was uncovered in 2007 at TJX Cos Inc TJX.N, operator of the T.J. Maxx and Marshalls chains, which had more than 90 million credit cards stolen over about 18 months. (Reporting by David Henry in New York; Editing by Meredith Mazzilli, Andre Grenon and Tom Brown)