Atlanta-based The Home Depot has confirmed earlier reports that the company suffered a data breach which saw customers’ credit card information stolen by hackers and sold on the internet black market.
WSB-TV’s Jim Strickland reports via Twitter that the breach happened months ago, but officials only became aware of the situation earlier this month, when Krebs on Security announced batches of customers’ credit card information were released on an underground website that specializes in the buying and selling of personal information.
Krebs spoke with someone intimately familiar with the investigation into the breach, and on Monday reported that the software the hackers used to obtain the credit card information from Home Depot customers was the same software that was used to steal the credit card information of some 40 million Target customers in November and December, 2013. Krebs added that suspicious bank transactions resulting from the breach at Home Depot began appearing in May.
The person responsible for releasing the first batch of stolen credit card information on the black market website has released nine more batches of information in the past days, Krebs writes.
Last week, The Home Depot called for reinforcements in the form of Symantec and FishNet Security, two well-respected and cutting-edge internet security companies. They assisted The Home Depot’s internal forensics and security teams and determined that a breach occurred.
The day after Krebs broke the story of the data breach, The Home Depotreassured customers that if the breach did in fact occur, The Home Depot will offer identity protection services, including credit monitoring, to customers who were affected. Additionally, The Home Depot or customers’ financial institutions will handle fraudulent charges racked up by unauthorized users.
“We know that this news may be concerning and we apologize for the worry this can create. If we confirm a breach has occurred, we will make sure our customers are notified immediately,” the statement reads in part.
In the meantime, The Home Depot is urging customers to monitor their credit card accounts to ensure there is no suspicious activity. If you have any questions, please call Home Depot Customer Care at 1-800-HOMEDEPOT (1-800-466-3337).
Despite these reassurances, Home Depot customers have entered into a class-action lawsuit against the company that was filed late on Thursday, The Atlanta Journal-Constitution reports. The suit alleges that the company did not do enough to protect customers’ information before the breach, then did not respond quickly enough when the breach occurred. The suit seeks damages.