Home Depot Inc. confirmed that hackers infiltrated its computer systems at stores in the U.S. and Canada.
While payment systems were breached, there is no evidence that debit-card PINs have been compromised, the company said in a statement Sept. 8. Home Depot, which didn't disclose how many customers may have been affected, said the continuing investigation is focused on purchases made since April.
Home Depot is the latest U.S. retailer to suffer a data breach from hackers, following attacks at Target Corp., Supervalu Inc. and Neiman Marcus Group Ltd. As the list of victims increases, the retail industry is under escalating pressure to improve the security of computer systems and credit cards.
"I don't know why the retailers aren't waking up and doing something about" their vulnerabilities, Tomer Weingarten, chief executive officer of online security firm SentinelOne in Mountain View, California, said in a phone interview. "It seems like Target should have been a very big wake-up call."
The U.S. Secret Service is also looking into the possibility that the hackers who breached Target are behind the Home Depot attack, according to a government official who wasn't authorized to speak publicly.
The retailer said last week that it only learned of a possible breach after independent journalist Brian Krebs reported on Sept. 2 that hackers may have stolen customer data and made counterfeit credit- and debit-cards. It's been investigating the matter since.
Home Depot said Sept. 8 that there's no evidence that the breach affected online shoppers or stores in Mexico. The chain said it is giving identity protection and credit monitoring to anyone who used a payment card in a Home Depot store since April. Target made a similar offer after its breach.
Home Depot is working to restore confidence with its customers while also transitioning to a new chief executive officer. Craig Menear, the chain's president of U.S. retail, will succeed CEO Frank Blake on Nov. 1. Blake, who took over in 2007, will remain chairman of the board.
While the financial impact on Home Depot remains to be seen, Target has already booked charges. As of Aug. 2, the discounter recorded $146 million in expenses related to the breach in which data for 40 million accounts were stolen. Part of the expenses include an estimate on claims yet to be made by the credit card companies.
More than 100 lawsuits have been filed against Target relating to the breach. The chain also blamed the attack, which became public in December, for a sales decline in the fourth quarter. In response, it's spending $100 million to improve its security, including equipping company-issued credit cards with "chip and PIN" technology, which is considered harder to hack.
The sales impact on Home Depot may be muted because this breach was disclosed in September when Home Depot's key selling season during the first half of the year was already behind it, according to Bloomberg Intelligence. Disclosure of the Target breach happened during the heart of the holiday shopping season.