Home Depot the nation’s largest home improvement retailer announced on Thursday that about 56 million customer debit and credit cards were put at risk after hackers broke into the company’s payment systems. The home Depot improvement retailer said the malicious software used in the attack had been removed from its computer system in the United States and Canada and that the company had enhanced encryption at point-of-sale terminals at its U.S. stores.
Home Depot’s investigation found the hackers escaped detection by using unique custom-made software that had never been seen before. Such malware which is called “zero days” because that’s how long it’s been known can’t be even detected by latest anti-virus software.
Home Depot said the malware that stole the credit card data resided on its computer systems from April until September 2014, far longer than the attack against Target, which went on for about three weeks. Home Depot said there was no evidence that debit card PIN numbers were compromised or that the breach impacted stores in Mexico or customers who shopped online.
In upcoming days, the payment cards details are believed to be sold in underground black hat market, resulting in identity theft to millions of customers. But to help its customers, The retailer is offering free credit monitoring to customers who used a payment card at a Home Depot store since April. Home Depot has 1,977 stores in the United States and 180 in Canada.
We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” Home Depot CEO Frank Blake said in a statement. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.
The company said it has finished installing security software that scrambles credit card data to make it unreadable to hackers. The rollout of the software began in January, but it wasn’t completed in Home Depot’s U.S. stores until last Saturday.
The company also said it will finish setting up more secure credit card readers in all of its U.S. stores by the end of the year. The new technology will be able to read a new type of credit card that uses a combination of an embedded microchip and a code to authorize transactions. “Chip and pin” technology, as it is known, is supposed to make it much more difficult for thieves to use stolen credit card data to make counterfeit cards. All merchants and banks are under an October 2015 deadline to upgrade to the more secure credit cards.