Home Depot reveals 56m customers were hit in data hack

19 Sep 2014

The DIY retailer Home Depot has admitted that as many as 56m customers in the US and Canada may have been affected by a data hack.

Security news website Krebs on Security says the revelation officially makes the incident the largest retail card breach on record.

Earlier this month, it was discovered information had been obtained by a group or individual. The data was then made available for sale online to the highest bidder.

In a statement released yesterday, Home Depot revealed the perpetrators used custom-built malware to evade detection. The company has since completed a security project that provides enhanced encryption in its US stores, with Canadian outlets to follow suit by early 2015.

“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements,” the firm wrote. 

“The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems, and the company has rolled out enhanced encryption of payment data to all US stores.”

The incident tops last December’s data breach of US retailer Target, when some 40m credit and debit card details were compromised.

Home Depot store image via Shutterstock

Dean Van Nguyen was a contributor to Silicon Republic

editorial@siliconrepublic.com