Home Depot Investigates Possible Credit Card Breach

Published

May 7, 2020

Bob Sullivan is author of the New York Times best-sellers Gotcha Capitalism and Stop Getting Ripped Off. His stories have appeared in The New York Times, the Wall Street Journal, and hundreds of other publications. He has appeared as a consumer advocate and technology expert numerous times on NBC's TODAY show, NBC Nightly News, CNBC, NPR's Marketplace, Terry Gross' Fresh Air, and various other radio and TV outlets. He helped start MSNBC.com and wrote there for nearly 20 years, most of it penning the consumer advocacy column The Red Tape Chronicles. See more at www.bobsullivan.net. Follow Bob Sullivan on Facebook or Twitter.

Home Depot Inc. is investigating a potential credit card data theft incident, the store told security researcher Brian Krebs on Monday, according to a post on Krebs’ website. The theft is similar to the massive hack that hit Target stories last year, Krebs reported, and might include thousands of Home Depot locations.

In a subsequent Tweet, Krebs said he was hearing that the hackers had access to Home Depot systems from “May ’14-present. If true, Home Depot breach could be much larger than Target.”

Target has 1,795 stores in the U.S, and another 130 in Canada. Home Depot has 2,200 stores in the U.S., Canada and Mexico.

Krebs said the hacker who posted a link bragging about the heist and offering the stolen data for sale called the files “American Sanctions” and “European Sanctions,” an allusion to the ongoing geopolitical fight over the situation in the Ukraine and the recent imposition of sanctions by Europe and the U.S. against Russia.

“At this point, I can confirm that we’re looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” said Home Depot spokesperson Paula Drake. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further. We will provide further information as soon as possible.”

It’s been a bad few days for hacker news. Last week, Dairy Queen stores were hacked, which shined a light on a U.S. Secret Service warning estimating that 1,000 retailers had been victims of malicious software called “Backoff.” Then word came the computer criminals, allegedly from Russia, had infiltrated critical systems include JPMorgan Chase and four other large banks. And this weekend saw the release of embarrassing photos allegedly stolen from Apple’s iCloud service by hackers.

Consumers who think they may have been affected should check their bank account and credit card statements for unauthorized charges, and contact their bank or credit card issuer immediately if any questionable charges are found. Monitoring your credit scores can also help you catch otherwise undetected cases of identity fraud. If you see an unexpected and big drop in your scores, check your credit reports for unauthorized accounts or collection accounts that are tied to fraudulent debt. There are resources that allow you to monitor your credit scores for free, including Credit.com.

This post was updated Sept. 2, 2014 to include a statement from Home Depot.