Home Depot Completes Malware Elimination, Says 56M Cards Were at Risk

Home Depot (NYSE:HD) says roughly 56 million payment cards may have been compromised in a massive cyber breach of the home improvement retailer’s payment network.

The company released details of the incident on Thursday. It is the first time Home Depot has spoken to the magnitude of the breach, which is now confirmed to have been bigger than the infamous 2013 attack on Target -- that breach impacted 40 million cards.

Home Depot, which discovered the incident on Sept. 2, says customized malware is believed to have been present on its network from April 2014 up until this month. The company claims perpetrators used the unique software code to penetrate its payment systems and avoid detection.

News of the incident broke in early September when security blogger Brian Krebs reported multiple banks found evidence that the retailer may have been penetrated.

The company says the attack impacted shoppers of its U.S. and Canadian stores, but not those who placed orders on HomeDepot.com.

Home Depot claims the malware used in the breach has been eliminated from its network, and is taking steps to better safeguard customer data.

The retailer says it has completed a large security upgrade to its payment systems, enhancing point-of-sale data encryption at all of its U.S. stores. Home Depot says the same technology will be in all Canadian stores by early 2015.

In a statement, the company’s CEO Frank Blake said, "We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges.”

This latest infiltration underscores the severity of the cyber threats that face American businesses and consumers alike. Just in the last year, hackers have successfully stolen troves of customer data from retail chains like Target, Neiman Marcus, P.F. Chang’s, Sally Beauty, among others.