Home Depot, the world’s largest home improvement retailer, finally put a number on the scope and reach of the data breach that hit its U.S. and Canadian networks — approximately 56 million unique payment cards.
The company also said Thursday that it has completed “enhanced encryption of payment data at point of sale” in U.S. stores that offers new protection for customers. Roll-out of enhanced encryption to Canadian stores will be complete by early 2015.
Canadian stores are already enabled with EMV “Chip and PIN” technology, which Visa and MasterCard have committed to adopting by October 2015 in the United States.
“To protect customer data until the malware was eliminated, any terminals identified with malware were taken out of service, and the company quickly put in place other security enhancements,” Home Depot said in a statement. “The hackers’ method of entry has been closed off, the malware has been eliminated from the company’s systems …”
The malware is believed to have been present between April and September 2014. Home Depot said its investigation into a possible breach began on Tuesday morning, September 2, immediately after the company received reports from its banking partners and law enforcement that cyber criminals may have breached its systems.
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”
Home Depot is offering free identity protection services, including credit monitoring, to any customer who used a payment card at a Home Depot store in 2014, from April on.
Customers who wish to take advantage of these services can learn more at homedepot.com or by calling 1-800-HOMEDEPOT (800-466-3337). Customers in Canada can call 800-668-2266.