Last week, CTOVision shared a story from KrebsonSecurity.com, reporting that Home Depot had potentially suffered a large data breach in recent months. At that time, a Home Depot representative acknowledged that the company was investigating “unusual activity” but failed to confirm that a breach had occurred.
In a release dated September 8th, The Home Depot provided an update on the breach, confirming that a breach had occurred and providing more specific information about the theft, which began in April and lasted through the Summer. Information stored in the company’s payment data systems was compromised, although Home Depot reports that debit PIN numbers were not stolen. The report did not provide about the amount of customers affected.
The Home Depot will offer free identity protection services to anyone who used a credit card in stores since April 2014. The report emphasizes that customers will not be held responsible for fraudulent charges and that the investigation is ongoing – with a promise to rollout improved systems to all stores in the United States by the end of this year.
“We apologize for the frustration and anxiety this causes our customers, and I want to thank them for their patience and support as we work through this issue,” said Frank Blake, chairman and CEO. “We owe it to our customers to alert them that we now have enough evidence to confirm that a breach has indeed occurred. It’s important to emphasize that no customers will be responsible for fraudulent charges to their accounts.”
The repercussions of this breach at The Home Depot will shed more light on the ability of large companies to recover from similar breaches. As of September 9th, eBay survived its breach largely unscathed (in terms of earnings), while Target has suffered tremendous commercial losses from its breach last year.
More information will come to light soon. The breach provides yet another example of the importance of digital security for the modern enterprise.