The Georgia-based company Home Depot, with 2,200 stores nationwide, appears to be the most recent victim of a massive data breach which may have given thieves access to tens of millions of consumers’ credit card account information. 

According to security blogger Brian Krebs, this data breach incident at Home Depot could be significantly larger than the Target breach due to length of time it went undetected.

In a message on its website, Home Depot has confirmed they are looking into some “unusual activity” and that it is actively working with its banking partners and law enforcement to investigate this payment card breach which, according to some, may have started as early as April.  

This determination is based on the recent appearance of credit card information becoming available in underground forums and on various websites.  Once the credit card information has been stolen and put up for sale, it can quickly be transferred onto blank plastic cards for use by identity thieves.  Initially selling for $50 to $100 on the black market, this information quickly loses its value once the financial institutions begin to detect “unusual activity”.

While the extent of the damage has yet to be determined, there are serious concerns that the breach compromised account numbers and expiration dates through malware placed on the company’s point-of-sale credit card readers.  In this case, many industry experts believe it is the same Backoff Point-of-Sale malware which may have compromised the credit card information in the breaches that occurred at Target, Neiman Marcus, Michaels and the UPS store. 

The U.S. Secret Service estimates this malware has infected more 1,000 U.S. businesses.  If so, all of the account information contained on the magnetic strips on the individual cards could have been retrieved by the hackers before the POS devices encrypted the information. 

The following message has been posted on the Home Depot website:

"We’re looking into some unusual activity that might indicate a possible payment data breach and we’re working with our banking partners and law enforcement to investigate.  We know that this news may be concerning and we apologize for the worry this can create.  If we confirm a breach has occurred, we will make sure our customers are notified immediately.  For now, you should know the following:

First, you will not be responsible for any possible fraudulent charges.  The financial institution that issued your card or Home Depot are responsible for those charges should we confirm a breach. Make sure you are closely monitoring your accounts and reach out to your card issuer should you notice any unusual activity. If we confirm a breach, we will offer free identity protection services, including credit monitoring, to any potentially impacted customers. We’re working hard to get you the information you need as quickly as possible and will continue to provide updates as we learn more. If you have any questions, please call Home Depot Customer Care at 1-800-HOMEDEPOT (1-800-466-3337)."

What this means to you:

A compromise of payment information means that an unauthorized person(s) now has access to this information and could potentially use this information to make fraudulent purchases on the account(s) that were used when you shopped at Home Depot.

What you can do:

Monitor your credit and bank statements closely and look for any unauthorized activity.  Review each item, and keep an eye out for small dollar transactions. If you notice any fraudulent charges on your credit card or debit card, contact your financial institution (bank or credit card issuer) immediately.  Inform them that the charges are fraudulent and they will walk you through their remediation process.  Each financial institution has a different process.

Should you have any further questions or concerns about this event, please visit our website at or call and speak to an advisor for free advice at (Toll Free) 888.400.5530.




ITRC Sponsors and Supporters





Go to top