Home Depot has confirmed that its payment systems were breached by data thieves, potentially victimizing many customers throughout the United States and Canada.
However, the company promised Monday that no one will have to pay for “fraudulent” charges.
Officials of the Atlanta-based giant would not estimate how many customer accounts might have been subject to the data attack. And while the investigation reaches back as far as April, the company did not say how long cyber-criminals had access to Home Depot systems.
A cyber-security expert reported earlier Monday that the Home Depot data breach had been carried out with the same malware used previous by cyber-thieves to pilfer consumer data from Target.
At least some of Home Depot’s store registers were infected with a variation of BlackPOS or Kaptoxa, software designed to steal data from credit and debit cards when they are swiped through register systems running Microsoft Windows, according to Brian Krebs, who writes about data security.
That similarity of software “adds another indicator that those responsible for the as-yet unconfirmed breach at Home Depot also were involved in the December 2013 attack on Target that exposed 40 million customer debit and credit card accounts,” Krebs wrote on his website.
BlackPOS was found on the Target systems at Target last year.
Krebs wrote Monday that the new information came from sources close to the investigation of the Home Depot data breach.
Support real journalism. Support local journalism. Subscribe to The Atlanta Journal-Constitution today. See offers.
Your subscription to the Atlanta Journal-Constitution funds in-depth reporting and investigations that keep you informed. Thank you for supporting real journalism.