Home Depot Confirms Breach, Says PIN Numbers Safe

Home Depot (NYSE:HD) on Monday confirmed that its payment data systems were breached, although the number of credit cards exposed by the hack remains uncertain.

The home-improvement retailer said the breach potentially exposed payment cards used by customers at its U.S. and Canadian stores. There is no evidence that the breach extended to stores in Mexico or Home Depot’s website, or that debit PIN numbers were compromised.

Last week, Home Depot disclosed that it was working with banks and law enforcement to investigate unusual card activity. The investigation is now focused on April forward. On Monday, Home Depot said the U.S. Secret Service is working on the case as well.

The company reassured customers any fraudulent purchases would be covered by Home Depot or card issuers. It also offered free identity protection services to anyone who shopped at the world's biggest home-improvement retailer since April.

“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” chairman and CEO Frank Blake said in a statement. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred.”

Target (NYSE:TGT) and several other retailers were the subject of cyber-attacks that exposed credit card information. At Target, about 40 million credit and debit cards used during the start of the holiday shopping season were compromised.

In response to those cyber-attacks, retail chains like Home Depot launched initiatives to improve safeguards. Home Depot said it will roll out chip-and-pin technology to all U.S. stores by the end of this year, before the payments industry’s deadline of October 2015.

Home Depot shares dropped 62 cents to $90.20 in after-hours trading. The stock is down roughly 2.9% since Tuesday, when news of the breach first surfaced.