Home Depot has confirmed that its payment systems were breached by data thieves, potentially victimizing many customers throughout the United States and Canada.
However, the company promised Monday that no one will have to pay for “fraudulent” charges.
Officials of the Atlanta-based giant would not estimate how many customer accounts might have been subject to the data attack. And while the investigation reaches back as far as April, the company did not say how long cyber-criminals had access to Home Depot systems.
A cyber-security expert reported earlier Monday that the Home Depot data breach had been carried out with the same malware used previous by cyber-thieves to pilfer consumer data from Target.
At least some of Home Depot’s store registers were infected with a variation of BlackPOS or Kaptoxa, software designed to steal data from credit and debit cards when they are swiped through register systems running Microsoft Windows, according to Brian Krebs, who writes about data security.
That similarity of software “adds another indicator that those responsible for the as-yet unconfirmed breach at Home Depot also were involved in the December 2013 attack on Target that exposed 40 million customer debit and credit card accounts,” Krebs wrote on his website.
BlackPOS was found on the Target systems at Target last year.
Krebs wrote Monday that the new information came from sources close to the investigation of the Home Depot data breach.
Thank you for reading the Dayton Daily News and for supporting local journalism. Subscribers: log in for access to your daily ePaper and premium newsletters.
Thank you for supporting in-depth local journalism with your subscription to the Dayton Daily News. Get more news when you want it with email newsletters just for subscribers. Sign up here.