The largest home-improvement chain in the U.S. confirmed that it is looking into a suspicious activity in its security system and is working hand in hand with banks and law enforcement to delve for more details. The decision came after Brian Krebs, a security blogger, reported in his blog that several banks found a number of evidence showing data of the depot's customers that are stolen by hackers. The blog also noted that a large cache of credit and debit card data seemed to be tagged as for sale on a web-based black market.
Home Depot spokeswoman Paula Drake said that the company is looking into the reports of a suspected network breach but declined to give more details on the matter.
"Protecting our customer's information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers," says Drake. "If we confirm that a breach has occurred, we will make sure customers are notified immediately."
According to Krebs, the security breach may have started in the latter part of April and has affected all the 2,200 stores of the home improvement chain. In the black market site that is associated with Lampeduza Republic, the stolen cards are said to carry the labels "American sanctions" and "European sanctions." It was suggested that full responsibility of the breach should be placed on a group of Ukrainian and Russian hackers. The same group had been linked with other instances of high-profile data breaches. The findings seemed to indicate that the stolen cards are placed on a hawking site as Russia's way of retaliating against Western sanctions when the former had military incursions into Ukraine.
The security breach incident led to a renewed concern on how retailers are slowly adopting the "chip and PIN" technology which is believed to be the best alternative in making cards more secure.
"Retailers are now seeing firsthand why the technology is necessary and how technology costs pale in comparison to the direct and indirect costs associated with a major data breach," says Michael Sutton, vice president of security research for cloud-computing company Zscaler Inc in San Jose, California.
The incident at Home Depot is the latest in the long line of data thefts that have affected major U.S. businesses in the past couple of days. Others that have become victims of security issues include Supervalu, UPS Store, Dairy Queen, Target, restaurant chain P.F. Changs, department store Neiman Marcus and Michaels Store, an arts and crafts retail chain.
Krebs adds that the breach at Home Depot could even be several times larger than Target. It remains to be seen whether the investigation would provide further details to give accuracy on the report.
