Home Depot may be the latest retailer hit by hackers in a breach that could have affected millions of customers, according to security blog Krebs on Security.
The home-improvement chain confirmed to The Huffington Post on Tuesday that it is working with banks and law enforcement to investigate "some unusual activity" after Brian Krebs, who writes about cybersecurity on his eponymous blog, reported that "multiple banks" had seen evidence that could indicate hackers stole customer data from Home Depot. A huge cache of credit and debit card data appeared to be for sale on a black market site, Krebs reported.
Krebs is a former investigative reporter at The Washington Post who broke the news of the Target’s massive data breach on his site last year.
According to Krebs, several banks said they think the breach may go all the way back to April or early May 2014 -- meaning this hack would be much larger than the one that hit Target last December and compromised about 40 million cards.
“Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers,” Paula Drake, a spokeswoman, said in a statement sent to HuffPost. “If we confirm that a breach has occurred, we will make sure customers are notified immediately.”
On Wednesday, the company warned customers to keep track of potential fraudulent charges to their accounts and said affected customers won't be held responsible.
"If we confirm a breach, we will offer free identity protection services, we will offer free identity protection services, including credit monitoring, to any potentially impacted customers," the company said in a statement posted on its website early Wednesday.
Russian and Ukrainian hackers may be to blame, Krebs reported.
A batch of cards went on sale Tuesday on a site associated with Lampeduza Republic, a popular online black market for stolen cards, under the names “European sanctions” and “American sanctions,” Krebs reported. That seems to indicate the stolen cards are being hawked in retaliation against Western sanctions on Russia for its military incursions into Ukraine.
UPDATE: This story has been updated with the customer warning posted on Home Depot's website