Between April and September of this year, 56 million payment cards used at Home Depot were leaked in a security breach, the company confirmed today. The home-improvement retailer announced that the malware responsible for the breach has been removed from its U.S. and Canadian systems.
Home Depot entered an investigation on September 2, when banks and law enforcement officials informed the company that its payment data system had been compromised.
The investigation found that the criminals used a custom-built malware to invade the system. In a press release today, Home Depot stated no debit PIN data appears to be have been released by the cyber attack, and all online shopping transactions remained secure.
The retailer has 2,266 stores in the U.S., 10 Canadian provinces and Mexico, but only the U.S. and Canadian systems were attacked, the company says. The company announced that new, enhanced encryption technology is now in place in its U.S. stores and will be in all Canadian outlets by the beginning of 2015.
The retailer also promised customers that they would not be held responsible for fraudulent charges as a result of the breach.
“We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges,” said Frank Blake, chairman and CEO of the company. “From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”