"Our forensics and security teams have been working around the clock since we first became aware of a potential breach Tuesday morning," said Paula Drake, a Home Depot spokeswoman in a statement. She added that Home Depot is working with leading security firms Symantec and FishNet Security.
Home Depot emphasized that in the event of a breach, customers will not be responsible for any possible fraudulent charges. It said that the financial institution that issued the card or Home Depot are responsible for the charges.
Hackers have broken security walls for many retailers in recent months, including Target, grocery store chain Supervalu, P.F. Chang's and the thrift store operations of Goodwill. The rash of breaches has rattled shoppers' confidence in the security of their personal data and pushed retailers, banks and card companies to increase security by speeding the adoption of microchips into U.S. credit and debit cards.
Krebs reported that it's not clear how many stores were affected but preliminary analysis indicates the breach may have affected all 2,200 Home Depot stores in the U.S. Several banks that were contacted by Krebs said they believe the breach may have started in late April or early May.
"If that is accurate — and if even a majority of Home Depot stores were compromised — this breach could be many times larger than Target, which had 40 million credit and debit cards stolen over a three-week period," said the Krebs post.
Krebs said that the party responsible for the breach may be the same group of Russian and Ukrainian hackers suspected in the Target breach late last year. Krebs also broke the news of Target's breach.
Target Corp., based in Minneapolis, is still trying to get beyond its massive breach that occurred late last year and hurt sales, profits and its reputation with customers. It has been overhauling its security department and systems and is accelerating its $100 million plan to roll out chip-based credit card technology in all of its nearly 1,800 stores.