Watch CBS News

56 million accounts at risk in Home Depot hack

Home Depot says hackers used "unique, custom built malware" never used in other attacks in the security breach that went undetected between April and September
Home Depot breach puts 56 million cards at risk 01:28

Home Depot (HD) said Thursday that it has identified the malware used to steal customer payment information and has eliminated it from the company's network.

An estimated 56 million credit and debit cards used to pay at Home Depot stores are at risk, the company said in offering the latest update of data breach disclosed earlier this month. This week, a credit monitoring service estimated that fraud losses due to the intrusion could reach $3 billion.

The malware hackers used to steal customer information was unique and was customized to avoid being detected, the retailer said. Home Depot said the malware used in the theft was likely in the company's networks from April until earlier this month.

Home Depot looking into possible security breach 01:54

"To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements," Home Depot said in a statement. "The hackers' method of entry has been closed off, the malware has been eliminated from the company's systems and the company has rolled out enhanced encryption of payment data to all U.S. stores."

Home Depot added that it has found no evidence that customers' debit card PIN numbers were accessed in the theft. In addition, purchases made on HomeDepot.com, HomeDepot.ca and in stores in Mexico were not involved in this breach, the company said.

Home Depot is offering free credit monitoring for one year to affected customers.To get the free ID theft protection and credit-monitoring services, visit the company's website or call 1-800-HOMEDEPOT (800-466-3337).

"We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges," Frank Blake, Home Depot's chairman and CEO, said in a statement. "From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so."

The company also cautioned shareholders that it could be liable for a laundry list of expenses due to the breach. Those costs could include owing payment card networks for reimbursements of credit card fraud, along with the cost of reissuing cards; litigation and other legal fees; resolving technical issues involved in the breach and installing new systems; and possible expenses related to government investigations and potential enforcement.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.