A cyberattack on Home Depot earlier this year put roughly 56 million payment cards at risk, the home-improvement giant said Thursday.
Home Depot said “criminals used unique, custom-built malware to evade detection” and steal customers’ information between April and September.
The company said the malware used in the attack had been eliminated and that it has implemented enhanced encryption of payment data.
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO of Home Depot. The statement offered identity protection to customers whose information may have been compromised. The company did not say who might have been behind the attack.
Cyberattacks aimed at getting customers’ payment card or other financial data have become an increasing concern for lawmakers in recent years, following high-profile breaches at companies such as Target and Kickstarter, and more recently, JPMorgan Chase and possibly other large banks.
Treasury Secretary Jack Lew said in July that “cyberattacks on our financial system represent a real threat to our economic and national security.”
The Senate Intelligence Committee passed legislation in July that would grant companies immunity for sharing information about cybersecurity with law enforcement.
More recently, in a September letter to Apple CEO Tim Cook following suggestions that Apple’s iCloud storage had been breached to access celebrities’ photos, Sens. John Rockefeller and Claire McCaskill wrote that “we have been advocates for data security and breach notification legislation … the recent security incidents that have affected major corporations, including Apple, demonstrate the need for such federal legislation.”
